Not long after Elon Musk took over Twitter and started doing a whole lot of crazy stuff to the platform, the microblogging app Hive Social saw a huge spike in users. Apparently fed up with Elon’s shit, a bunch of people had decided to try out alternative social media sites—and Hive was one of them. Launched back in 2019, the platform reportedly saw its user base grow by a million users in the course of several weeks. Normally that kind of bump would have been cause for celebration, but Hive wasn’t ready for the huge influx of users—and a host of security issues have now forced it to take its servers offline.
A report published earlier this week alleges that Hive had a massive—and I do mean massive—problem on its hands. According to the German security collective Zerforschung, Hive had grievous software vulnerabilities that exposed pretty much all of its users’ personal data to the internet. A cybercriminal aware of the bugs would have been able to steal Hive users’ kit and caboodle—everything from private messages to registered account information. Researchers claim the bugs were so serious that they refrained from sharing technical details about them—fearing that hackers would exploit them.
According to Zerforschung’s blog:
“The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login. Attackers can also overwrite data such as posts owned by other users…”
Zerforschung researchers say they reached out to Hive last Saturday about the security vulnerabilities but that the company failed to fix a majority of the issues in the report. After a couple of days, researchers decided to publish their findings, labeling their blog “Warning: do not use Hive Social.” It was only after the research went live that Hive publicly acknowledged the security issues and subsequently took its service offline.
On Thursday, Hive put out a statement, ironically posting it to the platform’s Twitter account. It reads: “The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience.” In an additional post, Hive optimistically quipped: “Our server is temporarily shut down. You’ll be able to sign up once we’re back online!”
It’s not totally clear when Hive is supposed to come back online, or what the company is doing to fix its security issues. Gizmodo reached out to Hive for more information and will update this story when we receive a response.
Growing pains for growing platforms are normal, especially when it comes to security. A lot of small companies do not employ any security professionals, and most companies that are forced to expand in a short period of time will try to hire at least one. If it wants to stick around, that’s definitely going to have to be the case for Hive, which currently consists of its founder and a staff of two people. According to Ars Technica, neither of the employees “had much of a background in security.”
Source: https://gizmodo.com/twitter-alternative-hive-data-breach-goes-offline-1849847495