Twitter alternative Hive shuts down to fix major security issues

Hive Social, one of the microblogging platforms that gained popularity following Elon Musk’s acquisition of Twitter, has gone offline while it fixes a number of major security issues.

In the days following Elon Musk’s Twitter takeover, many users fled to alternative microblogging platforms, such as Mastodon and Hive, amassing millions of new users practically overnight. But with the increased popularity also came increased scrutiny.

German research group Zerforschung recently discovered a number of severe vulnerabilities in Hive, which would allow threat actors to cause huge damage to the platform: they’d be able to access all data, including private posts and messages, shared media and even deleted direct messages. Furthermore, email addresses and phone numbers used for identity verification could also be accessed.

Going public

In a blog post published earlier this week, the group said it notified Hive of its findings in private, and soon afterward received confirmation of the issues being fixed. 

However, due to a serious piece of miscommunication, Hive were still working on the fix when Zerforschung went public with its findings, urging users to stay away from Hive and use a different network.

In response, Hive shut down all of its operations completely, until the issues could be resolved. Since then Hive has released a single update, but more are expected soon.

While the researchers might recommend Mastodon instead, it’s fair to say that this platform has had its share of problems too. Last week, researchers discovered three separate flaws that could allow threat actors to tamper with the stored data, and in some cases even download it.

When news of the flaws broke out, security experts warned Mastodon users not to share data that they wouldn’t be comfortable with everyone knowing about.

Via: TechCrunch