As the months roll on in 2023, so too do the data breaches. Millions of people are affected by data breaches against all sorts of different services and entities, and the data points exposed in these incidents can be very valuable for cybercriminals.

Thus, as summer comes to a close, it’s important to keep your guard up against these cyberattacks. The holiday season will be here before you know it, and cybercriminals are more than ready to take advantage of increased online activity.

In this installment of the BlackCloak Thursday Threat Update, we’ll take a look at data breaches affecting a popular application and a meal delivery service.


Duolingo data breach affects nearly three million users’ email addresses

What we know: The popular language learning application Duolingo experienced a data breach affecting roughly 2.68 million users. An investigation found the email addresses belonging to those users were stolen and sold online after the breach occurred earlier this year. Initially, the data breach, while impacting 16.3 million users worldwide, was only thought to have exposed usernames, countries of origin and profile pictures, but further examination revealed email addresses were also stolen in the incident.

Recommendations: Duolingo users should pay close attention to the emails they receive. Cybercriminals may leverage these stolen email addresses to send phishing emails. These emails may try to elicit an emotional response to trick the victim into turning over login credentials, personal information or even money, by claiming there is an urgent matter that needs to be resolved. No legitimate organization will ever reach out to you via email asking for any type of sensitive information. When examining a suspicious email, check for misspellings and poor grammar, as those are hallmarks of a scammer in the works.


“Mom’s Meals” breach exposes personal information

What we know: The medical meal delivery service “Mom’s Meals” disclosed a data breach that took place in February. The personal information of 1.2 million customers and employees were compromised in the breach, and compromised data points include dates of birth, financial account information, payment card information and health insurance information. Less than 1% of data breach victims had their Social Security numbers exposed as well.

Recommendations: In its notice on the data breach, the parent company of “Mom’s Meals,” PurFoods, said it has included instructions on how to sign up for complimentary credit monitoring and identity restoration services it is providing to victims. Even though a small subset of Social Security numbers were exposed in the incident, it’s a good idea to place a credit freeze and fraud alert on your accounts out of an abundance of caution. Additionally, you should also consider canceling any payment cards you may have used with “Mom’s Meals” to ensure no fraudulent transactions can be made by malicious actors.


Keep an eye on your phone

Our mobile devices have become a vital part of our everyday lives, and cybercriminals are well aware of this fact. It’s why you should be cognizant of the cyberthreats that specifically target your mobile device.

Learn about text message spam and “smishing,” as well as how you can fight back against unwanted phone calls.