"I've been hacked!" Ok, let's be real about this.
So, I just want to make some things clear or we're going to end up with undue pandemonium. The word "hack" is getting used waaay too liberally these days. It is causing some undo stress for people who don't know what is going on. So, please let me explain in very plain terms what these claims are about.
I have never encountered (in my nearly 3 years of moderating) an instance of someone "hacking" an account like one sees in the movies. Most often, what happens, is either someone willfully gave out their information by accepting a classroom link (from someone other than a real teacher). Or they left their account logged into a computer and a family member or classmate took the opportunity to get in and cause some havoc.
If you're worried by all of the hack talk, here is what you can do to protect yourself.
-DON'T join a classroom, unless you're in a real class working with a real teacher.
-DON'T leave your account signed in if you're going to walk away from your computer.
-DON'T use the same password for your email account and Duolingo account.
If you joined a classroom run by anyone other than your legitimate teacher, leave that classroom. See This Discussion for how to leave a classroom.
So, I hope that clarifies some of that hack talk you've been hearing around the forums lately, and that you now understand how to keep your account secure.
Happy learning. ^_^
Duolingo can do more here and I think they should.
They should restrict who can make a classroom.
There needs to a warning pop-up or something of the like that INFORMS people when they join a classroom of how the classroom leader has access to their Duolingo account and asks if they are still sure they want to join (if such a thing is already is place, it's clearly not doing its job seeing how confused people are about it)
Duolingo wants to shrug off any responsibility here, but they provided this feature so they do owe it to users to prevent it from being abused or used maliciously and to actually inform users about it.
Also, since this is a moderator here (and a very experienced one, no less) posting this, can we also assume there will be more done to stop these bra-, er, kids from spamming people's profiles with links to their classrooms?
Your suggestion is solid. I recommend you post it in this discussion created by staff member Vivisaurus https://www.duolingo.com/comment/17349525
As for moderators keeping people from posting classroom links on people's profiles, we have a very limited toolset to work with. It is already against the guidelines to post those links on the website (because it effectively works as an exchange of emails, which is forbidden by the guidelines.) This gives us the authority to talk to people once we discover they are sharing those links. But, certain things must be in place before we are able to take any further action. This community depends on the whole community, not just the moderators, to function in as a healthy community. So, spreading caution about the classroom is something everyone can do to help. :)
agreed, I just wanted to know what solution, if any, Ceid Donn had in mind.
Also, not sure why this comment is getting downvoted. I see that Ceid now has something I would consider to be a solution (whether or not it is a good one being irrelevant at the moment), was it always there, or did Ceid edit the original comment? I honestly don't remember everything that's there now being there when I made my original response to it...
Given the incredibly huge user base of Duolingo, I suspect that that would be way too much work. They need something that can be fully automated. Textbook companies aren't dealing with these volumes, and the number of requests they get is more or less proportional to the books they sell.
I've seen some people with their passwords in their bio. I̶f̶ ̶y̶o̶u̶'̶r̶e̶ ̶o̶n̶e̶ ̶o̶f̶ ̶t̶h̶o̶s̶e̶ ̶p̶e̶o̶p̶l̶e̶,̶ ̶y̶o̶u̶'̶r̶e̶ ̶b̶a̶s̶i̶c̶a̶l̶l̶y̶ ̶̶a̶s̶k̶i̶n̶g̶̶ ̶t̶o̶ ̶b̶e̶ ̶"̶h̶a̶c̶k̶e̶d̶"̶.̶ If you're one of those people with a password in their bio, you should take it out for the safety of your account. Would you put your credit card number or facebook password somewhere public? I hope the answer to that is no.
Please, contact a moderator if you see that. As for blaming them if someone else signs into their account, I don't encourage that framing. Everyone could have their passwords in their bio and nothing would happen if there wasn't a person looking to take advantage. In ultimate terms, the fault belongs to the person who took advantage.
Ok, ok. Some will call me out here for the whole rest of my post which asks people to be careful with their security. What prompted me to say what I did in this comment is because there is a concept called "victim blaming". And the "asking to be....xyz" struck cord in me that has to do with victim blaming. In this instance, we are talking about the security of a duolingo account. In other cases, we are using that logic to blame people for much more horrible things that happen to them because someone else decided to do something horrible to them. So, yes, if you put your password on your profile on the internet, there is a chance that someone will use it to mess with your account. If you are wearing your favorite dress and someone attacks you, it is the fault of the attacker, not the dress. I just wanted to make this clear because I'm super sensitive to certain claims that people were "asking for it."
I've seen some a while back but not any recently, I'll be sure to alert a moderator if I see that again.
As to the "victim blaming" thing, it was just a poor choice of words. I guess I can change it but I'm still wondering why anybody would be so stupid to put their password into their own profile bio, leaving them susceptible to someone just logging in with their account and getting their email, personal classrooms (if they have any), and to a lesser extent, draining their lingots to someone else.
But then again, why would anybody want to hack a DUOLINGO account? Like seriously it's a language learning website, that's some low life stuff right there.
Making a strong password(strong language): https://www.youtube.com/watch?v=Q00OZ_Xk24w
The definition of hacking is simply gaining unauthorised access to a computer, account or data, so I doubt it's ever being used "too liberally". Whether or not the "hacker" is sitting behind walls of code and a thousand open programs isn't a part of it.
You have also missed a key thing here - making sure your password is secure and not something ridiculously simple (i.e. Duolingo or password).
Hello MissEngland, you are correct. That is the technical definition of hacking. But, I'm not addressing the technical terms of hacking. I'm addressing the fears that live in the popular imagination when people hear someone say "I've been hacked!".
Let me share a story. When I was in Uni, I was friends with Tapeworm, author of This Book. I was treated to some great stories, but then they were a bit of a let down too, because afterwords it was like knowing the method to a magic trick. The methods were hardly as interesting as some, including myself had imagined. One method included a hacker hiding in a broom closet to observe someone putting in their password. That was it. That was the method of an almighty hack that shook the news some years ago.
My post is about exposing the "magic" behind the claims. It's about giving people back their sense of power over situations they may have imagined were outside of their control.
As for saying people were using the term "too liberally", you haven't had the week I've had (along with a few other moderators) chasing a horde of mostly bogus hacking claims. We had the case in which one or two people neglected the security of their accounts. They told their friends "I've been hacked", who told their friends "someone is hacking accounts!". A few of those friends had the grand idea to create a few fake accounts and "hack" them, spreading the idea that hackers were on the loose to ridiculous levels.
It is much less interesting (but more appreciated by moderators) when someone admits "I left my computer on at school and someone signed in and wrote messages to people", rather than exclaims to everyone with eyes that "I've been hacked!" So, yes, in my mind, the term "hacked" was being used far too liberally.
And then staff altered the School's feature to allow the latest ability, which topped the cake on this week. So, I'm totally not apologizing for trying to illustrate the reality of what has been happening here and reduce the awe and magic of people's claims that they've been "hacked". I feel I reached the appropriate audience with my wording.
Completely got you... but I do think that some of the claims made must be somewhat valid. It just appeared to me that by labelling the claims as "liberal" you were almost dismissing them, but I'm sure that's not what you mean.
Also, for the instance you mentioned, you mean you had instances of people creating fake accounts to claim those fake accounts were hacked?
Also, it seems linda has just lost all of her progress on her account...
It just appeared to me that by labelling the claims as "liberal" you were almost dismissing them
Ah, ok. No, Duolingo takes these claims seriously.
I'm not sure who Linda is, unless you mean LindaKanga? If it is LindaKanga, it might have something to do with her doing the English for Korean speakers course. If it is someone else, please have them log out, request a new password be sent to their email so they can change the password. Then collect any evidence they have about what may have happened and email it to Abuse@duolingo.com (Evidence can be screenshots of threats to compromise the account, bragging about it, etc.). However, if they recently signed into a course with a different base language than they usually have, have them sign back into one of their other courses and see if that restores things for them.
That is a good question, one I don't have an answer for. There are some options to address the anxiety, however. 1. Change your password now. That way, if someone somehow saw your password (I'm not sure if that's how it even works), they can't use it once you change it. 2. If you don't want to change your password because you are attached to it, just make sure that your email has a different password. At the first sign of wonky activity, use your email to regain access to your account and change it then. Option 2 comes with a risk of course. They could remove courses and delete progress, etc. So, think carefully before making your choice.
Sticky's are given out very sparingly. I cannot see asking for one for this, simply because it isn't actually a very wide spread phenomenon. It only seems that way because there is just a lot of hype about it at this present moment.
What you can do, if you would, save a link to this discussion in your bookmarks. If you see someone mentioning that they've been hacked, give them a link and suggest that they read this and the post it is linked to. :)
I don't know if I was hacked or whatever, but my account became like one of those bot accounts and starts following random people. I changed my password twice and it won't stop. I unfollowed over 400 random "friends" on my account last week and 40 more popped up in a span of a few days. In my bio, there was also a shady link that I deleted immediately. I'm still able to access my account and change things, but it won't stop.
What am I supposed to do?
Did you change your password to Duoling and the email you have registered with Duolingo? It is a good idea if they do not have the same password. Next, make sure to log out of Duolingo if you are leaving your computer or phone where others are able to access it.
Next, be sure ti file a bug report by going Here. Under the issues drop down menu, choose "Report abuse". It might take a couple of days to around 2 weeks for your bug ticket. If after 3 weeks you haven't gotten a reply back from staff and/or the situation is still happening, send another report, but this time select "Bug (other)." Make sure that you include your Reference number from the last report you sent in, which should arrive in your inbox within 24 hours of filing your first report.
I hope this helps!