Standing Intelligence Requirements

For the most up to date list of ZeroFox Threat Research’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Details

Duolingo, a U.S.-based online language learning platform, in which 2,685,777 email addresses were exposed, which were subsequently shared on a deep web platform. Other notable data fields observed in this package include: user activity and names. The threat actor did not disclose the ultimate source of the data breach or how it was exploited.

Recommendations

• If not already enabled, turn on the compromised credentials rule for all relevant entities and ensure relevant emails are entered for those entities, or reach out to [email protected] for assistance
• If one of your entities receives an alert, ZeroFox recommends immediate password changes for the affected account
• Enable multi-factor authentication for all of your organizational accounts to help mitigate phishing and credential stuffing attacks