Friend.tech has suffered from a major privacy breach that has led to the unauthorized disclosure of sensitive information pertaining to more than 101,000 individuals.
Banteg, a core contributor to popular DeFi project Yearn Finance, has published a repository of publicly available scraped data on GitHub, revealing critical details of over 101,000 users on the Friend.tech platform.
The exposed information includes wallet addresses on Base and corresponding Twitter usernames.
“101,183 people have given friend.tech access to post as them, leaked db (database) indicates,” Banteg said in a Monday tweet.
However, the privacy breach doesn't stop there. Banteg also highlighted a concerning situation regarding Friend.tech's permissions.
It appears that these users may have granted Friend.tech the ability to post on their behalf, possibly without fully comprehending the extent of the permissions granted or giving their explicit consent.
The breach came to light when Spot On Chain analysts discovered that Friend.tech's API had inadvertently "leaked" information.
They revealed that through the API, it was possible to view wallets created by users, with associated Twitter usernames.
Launched as a beta version on August 11, Friend.tech allows users to tokenize their social networks by purchasing and selling "shares" of their connections.
Friend.tech applies a 5% fee on transactions, with the owner profiting from the trade spread. The project is built on Coinbase's layer-2 network Base.
Friend.tech responded to the incident by trying to downplay the severity of the breach.
They claimed that the information was publicly available through their API, implying that scraping it is similar to looking at someone's public Twitter feed.
"This is
Read more on cryptonews.com