Twitter alternative Hive temporarily shuts down as hackers could access people’s private messages

Software vulnerabilities could also allow potential hackers to edit other users’ posts

Vishwam Sankaran
Friday 02 December 2022 17:36 GMT
Comments
Related video: Will Mastodon & Hive Social Replace Twitter?

Twitter’s relatively new alternative Hive Social has temporarily shut down its servers amid concerns that its vulnerabilities may allow potential hackers access to all data, including users’ private messages.

Since Elon Musk took over Twitter, a wide range of social media platforms such as Mastodon and Hive have grown in prominence as people have sought to recreate their networks in other places.

Hive has a design similar to Twitter with users given individual profiles and a feed based on accounts they follow, as well as the option to share large images as seen in Instagram.

The platform, which reached over a million users in the last week, also allows users to choose a song to play on their profile page.

However, after researchers reported a number of critical vulnerabilities on the platform, including those that may allow attackers to access all user data, including private posts, messages, and even deleted direct messages, Hive has temporarily deactivated its servers.

The software bugs could also reportedly allow potential hackers to overwrite and edit data such as posts of other users.

Researchers who are part of the German collective Zerforschung said after they reached out to the company, Hive “acknowledged the report”, and “claimed to fix them within the next two days”.

“The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login,” the German collective said.

Hive tweeted on Thursday that fixing the flagged issues would require turning off its servers for a couple of days.

“Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience,” the social media company said.

“We plan to work tirelessly until we can get back online and we hope to welcome you back to a faster and more stable Hive very soon,” it added.

In its privacy policy, before it shut down its servers, the company detailed the data the app would collect from users, including some data on people’s devices.

But the platform also requires users to “acknowledge and accept that no method of transmission over the internet, or method of electronic storage, is 100% secure and reliable, and we cannot guarantee its absolute security”.

Last month, the company said it was run by two people and that it was “working on improving the app, and designing our new accessibility features after amazing feedback from many users,” but responded on Twitter that it was going to hire more people.

The German research group said it would publish an in-depth analysis of the security concerns it flagged, including technical details, once the issues are fixed by Hive.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in