Critical gaps in Friend.tech platform’s security led to a data breach?

  • Friend.tech, a new decentralized social platform (DeSo) based on trading “shares” allowing users to interact with influencers, was previously accused of leaking data of over 100,000 users.
  • The creators of the platform immediately denied the rumors. However, research conducted by experts at Check Point Research suggests Friend.tech had critical security flaws.
  • The vulnerabilities allowed, among other things, for the takeover of the database, access to user chats and the ability to change their ranking, a functionality that the new social medium is based on.

Friend.tech, a new decentralized social platform (DeSo) based on trading “shares” allowing users to interact with influencers, was accused some time ago of leaking data of over 100,000 users. The creators of the platform immediately denied these rumors. However, research conducted by Check Point Research experts found that Friend.tech had critical security flaws.

Friend.tech is more than a typical social media platform. It is one of the latest web3 platforms built on blockchain and decentralized financial models. It operates as a decentralized ecosystem where a user’s popularity transcends mere likes and retweets and turns into tokens. You can think of it as an exchange of personalities, where value changes in response to supply and demand dynamics. By linking the user’s Friend.tech account with their X (formerly Twitter) account, the platform enables users to trade popularity through buying and selling their “shares”.

Launched in August 2023, the platform stirred excitement among the web3 community and tech journalists. In a relatively short time, Friend.tech recorded a substantial volume of 38,884 ETH (approximately 64.6 million dollars), spread across 1.5 million transactions. Not only did this performance draw attention, it also reinforced Friend.tech’s position, placing it second in global on-chain protocol activity.

Although Friend.tech offers a unique way to profit from social interactions, it is crucial that it also provides data security. Cybersecurity specialists from Check Point Research examined this, and the results were unfavorable for the platform’s creators. Experts identified critical vulnerabilities that could allow an attacker to access Friend.tech’s database and gain unauthorized control over various functions, including the ability to download the entire database.

Moreover, security analysts found that it was possible to download all private chats located behind a firewall. This means conversations meant to be visible only to paying users could be opened and disclosed without authorization! A potential attacker could also modify database values, specifically the ranking “points” (obtained by buying/selling user shares).

In early September, the Check Point Research team shared their findings with Friend.tech. Check Point analysts are advising all users to stay vigilant and remember proper security practices.