Friend.tech offers login removal solutions after SIM-swap reports
The decentralized social network Friend.tech took to social media to announce an updated feature that will allow users to add and remove various login methods used to access their accounts after reports of SIM-swap attacks emerged.
On Oct. 4, Friend.tech said the settings had been made accessible via the app, with users needing to tap their wallet balance to make changes.
You can now add and remove log in methods for your https://t.co/YOHabcBL3H account. To access these settings, tap your wallet balance in the top right corner of the app pic.twitter.com/d37VWVk2Eb
— friend.tech (@friendtech) October 4, 2023
The platform continued its post by saying it had received inquiries from users as to why it had yet to enable a two-factor authentication passcode feature.
Friend.tech said that in its current state, the feature would most likely cause users to lock themselves out of their accounts. It said it had suggested UX updates to Privy, the company it uses to enable privacy features.
“Privy is working diligently to implement this and we will integrate the feature when they have finished.”
In a Q&A on Oct. 2, some Friend.tech users complained that they were not prompted to confirm their passcodes and that when mistyped, neither Privy nor Friend.tech could reset them.
Meanwhile, users have been responding to the update, with many saying they were already locked out of their accounts.
Been locked out of my account for over a month. Where do I get help now that your help desk account is banned?
— Crossover (@crossover_step) October 4, 2023
One user complained that although they removed the number and replaced it with an alternative type of authentication, it did not log out sessions on other devices, which may still allow hackers to be logged in.
Related: Decentralized social networks have a retention problem, say execs
These updates came as the platform experienced exploits on Oct. 4, during which users reported their accounts had been compromised after hackers took control of their mobile numbers, a type of attack known as a SIM swap.
According to reports, over 100 Ether (ETH) was drained in just a week as a result.
The exploits continued into Oct. 5, by which time the scammers behind the compromises had been able to net at least $385,000 worth of Ether.
This all follows significant revenue increases for Friend.tech, with surges totaling 10,663 ETH and its total value locked hitting more than 30,000 ETH.
Magazine: Blockchain detectives: Mt. Gox collapse saw birth of Chainalysis