Skip to content

Friend.tech vulnerabilities risk user data and chats

  • by
  • 2 min read

Friend.tech, the latest platform that relies on the web3 framework, is vulnerable to potential security breaches that allow threat actors to access databases and users’ private chats and manipulate the database.

A recent investigation of the platform by Check Point Research (CPR), a cybersecurity company, has revealed these critical vulnerabilities.

CPR’s findings include:

  • The vulnerabilities in the Friend.tech platform can grant attackers unauthorised access to the platform’s database, giving them control over various important functions. The hackers can also download the entire platform database by exploiting this vulnerability.
  • CPR also discovered that private chats, intended to be visible only to users to have paid, could be accessed and disclosed without authorisation, including shared files such as images and videos.
  • Finally, attackers could directly modify database values, affecting the ranking points earned by buying and selling user shares. With this manipulation, the attackers can gain a major share in the future airdrop when Friend.tech sends free tokens to its users.

CPR shared the findings with the Friend.tech team on September 5th.

This is an image of friend. Tech ss1
CPR shared its findings with Friend.tech on September 5th.

Friend.tech was launched in August 2023 and immediately gained popularity with a volume of 38,884 ETH worth over $64.6 million distributed over 1.5 million transactions worldwide. The platform has been hailed much more than a social media platform.

On the platform, your popularity is converted into tokens like a personality stock exchange. The users can then trade their shares as per their preference. Users can also link their Friend.tech account with their X account and trade in popularity shares.

What’s interesting is that these shares provide more than just financial benefits. Users can get access to exclusive content, a private chatroom, and access to direct messaging. The platform will create a tiered, token-based system for interaction with followers.

This means that the more influenced you become, the more followers you gain, and the more will be the value of your token. The game aims to attract more followers like all social media platforms. Just the technique is different.

In the News: Raspberry Pi 5 comes with a 64-bit CPU, dual 4k displays and 8GB RAM

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

How to use tiktok’s hidden emojis

How to Use TikTok’s Hidden Emojis

This is an image of dark web hacker security

Security flaw in Dahua CCTVs allows remote access

This is an image of python windows featured

Hackers are targeting Python developers with fake PyPI sites

This is an image of apple featured 2323424823

Apple patches Safari bug; Already exploited in Chrome

This is an image of dark web hacker security

Vibe coding platform breach exposes corporate apps

This is an image of dark web hacker security

Fake apps are stealing data blackmailing users on Asian mobile networks

>