Privacy Breach Exposes Sensitive User Data on Friend.tech, Raising Concerns Over Unauthorized Permissions

Friend.tech, a platform that allows users to tokenize their social networks, has experienced a significant privacy breach resulting in the unauthorized exposure of sensitive information for over 101,000 individuals. Here are the key details:

• Data Exposed: Banteg, a core contributor to DeFi project Yearn Finance, published a repository of publicly available scraped data on GitHub. This data contained critical information about Friend.tech users, including wallet addresses on Coinbase’s layer-2 network Base and corresponding Twitter usernames.
• Unauthorized Permissions: The breach revealed that over 101,000 Friend.tech users had granted the platform access to post on their behalf. This raised concerns about the extent of permissions granted by users and whether they fully understood the implications or explicitly consented.
• API Leak: The breach was initially discovered when Spot On Chain analysts found that Friend.tech’s API had inadvertently leaked information. This allowed access to view wallets created by users, along with associated Twitter usernames.
• Platform Explanation: Friend.tech responded by downplaying the severity of the breach, stating that the information was publicly available through their API, similar to viewing public Twitter feeds.
• Platform Growth: Despite the privacy concerns, Friend.tech has experienced significant growth recently, attracting high-profile users and accumulating over $1.42 million in protocol fees within 24 hours. The project aims to enable crypto influencers to earn royalties from trading fees and strengthen relationships between Web3 projects, venture capitalists, and prominent figures in the crypto industry.

The breach highlights the importance of user data protection in the cryptocurrency and blockchain space, as well as the need for platforms to clearly communicate and obtain user consent regarding data sharing and permissions.