The decentralized social media platform Friend.tech recently announced an update that allows users to add and remove different login methods used to access their accounts. This decision comes in response to reports of SIM swap attacks.
On October 4th, Friend.tech made it known that these settings can now be accessed through the app, and users need to click on their wallet balance to make these changes.
Explaining why the platform hasn’t yet activated two-factor authentication (2FA), Friend.tech stated that, in the current state, this feature might inadvertently lock users out of their accounts. They mentioned that they’ve proposed user experience (UX) updates to Privy, the company they use to enable security features.
“Privy is actively working on deploying this feature, and we will integrate it once they finish.”
Previously, in an FAQ on October 2nd, some Friend.tech users complained about not being prompted to confirm their passwords, and when entered incorrectly, neither Privy nor Friend.tech could reset them.
Meanwhile, users have reacted to the update, and many have reported being locked out of their accounts. In fact, one user complained that even after they had removed their phone number and replaced it with an alternative authentication method, the number was still not logged out on other devices, potentially allowing hackers to access their account.
These updates come after the platform faced a breach on October 4th, with users reporting that their accounts had been compromised after attackers took control of their mobile phone numbers, a type of attack known as SIM swapping.
According to reports, over 100 Ethereum tokens disappeared in just one week. The exploitation continued on October 5th, at which point the fraudsters behind the breaches could have earned at least $385,000 worth of ETH.