@easy_b @Camille
arstechnica.com
Hive Social turns off servers after researchers warn hackers can access all data
Site officials say site will be down for a couple of days.
DAN GOODIN - Thursday
Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts.
“The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages,” the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. “This also includes private email addresses and phone numbers entered during login.”
The post went on to say that after the researchers privately reported the vulnerabilities last Saturday, many of the flaws they reported remained unpatched. They headlined their post “Warning: do not use Hive Social.”
Hive Social responded by pulling down its entire service.
“The Hive team has become aware of security issues that affect the stability of our application and the safety of our users,” company officials wrote. “Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience.”
The Zerforschung post said the vulnerabilities were so serious that they were withholding technical details to prevent the active exploitation of them by malicious hackers.
The series of events raised questions about why Hive Social waited some 72 hours to shut down its site after receiving notification users’ most private data was free for the taking. Zerforschung said that after multiple communications, Hive Social claimed to have fixed all issues when that was clearly not the case. The social media site said it never claimed the vulnerabilities were fixed.
Hive Social’s user base reportedly doubled in the last few weeks, going from about 1 million to 2 million as of last week, according to Business Insider. Despite the massive growth, the social media site continued to be staffed by just two people, neither of whom had much of a background in security.
Representatives of both Hive Social and Zerforschung didn’t respond to questions sent by email.
While there are no reports that the vulnerabilities were actively exploited, there’s no way at the moment to rule that out. Anyone with a Hive Social account should be prepared for the possibility that the data they provided during sign-up, as well as private messages, whether deleted or not, have been obtained.
FURTHER READING
How secure a Twitter replacement is Mastodon? Let us count the ways
The lesson from this event further supports advice Ars gave on Tuesday concerning Mastodon, another social media site that has also seen skyrocketing user numbers in the aftermath of the Twitter takeover by Musk. Put nothing on the site that you wouldn’t mind being public. Confidential information should never be put in direct messages or any other place. Here’s hoping Hive Social users already knew that.