Active Securities Lawsuit Investigation (high) A legal investigation was initiated by law firms (e.g., ClaimShamis & Gentile P.A.) into potential securities fraud claims against Duolingo. The investigation focuses on whether the company made misleading statements or omitted critical information regarding its user engagement and business performance, specifically concerning investors who experienced financial losses between May 1, 2025, and July 25, 2025.. Major Data Breach via Exposed API (high) Duolingo suffered a data breach where the personal information of 2.6 million users was exposed and subsequently sold on a hacker forum. The compromised data included usernames, names, and phone numbers. Duolingo confirmed the data was obtained by scraping publicly available information based on an exposed application programming interface (API), which the company's spokesperson stated was 'intentionally publicly visible.'. CEO's 'AI-First' Strategy Caused Severe User Backlash and Workforce Reduction (high) In April 2025, CEO Luis von Ahn announced Duolingo would become an 'AI-first' company via a staff memo, stating the company must 'take occasional small hits on quality' and gradually reduce contractors for tasks AI can handle. This announcement triggered widespread public outcry, user boycotts, and threats of subscription cancellations, amplified by the CEO's prior statement that AI should replace teachers. The company had already laid off 10% of its contractors in January 2024, partly due to AI integration. The company later publicly backtracked and the CEO admitted the memo 'did not give enough context.'