Following the recent news on hackers obtaining data of almost 3 million Duolingo users, Surfshark data shows that the Duolingo data leak primarily impacted the US, with nearly 1-million accounts compromised.

Key insights from the Surfshark study are:

* 2,68-million Duolingo users whose email addresses were exposed and are now being sold online.

* The US is the most affected country, with 967 000 unique email addresses exposed. This constitutes approximately one-third of the compromised accounts.

* South Sudan comes in second, with five times fewer accounts leaked (175 000) than the US. Spain follows in third place with 123 000 exposed accounts, followed by France with 105 000, and the UK with 98 000.

* In total, 16,3-million data points of Duolingo users were exposed. On average, each email account was leaked with five data points, such as language (5,3-millon), profile picture (2,7-million), username (2,7-million), name (2,2-million), country (700 000) or bio (6 000).

The biggest concern is the exposure of email addresses, which could be used for phishing attacks. People affected might receive personalised phishing emails using leaked names and origin countries, resulting in highly customised emails, possibly even in their own native languages.