Hive Social, one of the microblogging platforms that gained popularity after Elon Musk’s acquisition of Twitter, has gone offline while fixing some major security vulnerabilities.
In the days following Elon Musk’s takeover of Twitter, many users fled to alternative microblogging platforms, such as Mastodon and Hive, adding millions of new users virtually overnight. But with increased popularity came more scrutiny.
The German research group Zerforschung recently discovered a number of serious vulnerabilities in Hive, which could allow threat actors to wreak havoc on the platform: they would have access to all data, including private messages, shared media, and even deleted direct messages. Furthermore, e-mail addresses and telephone numbers used for identity verification could also be accessed.
In a blog post published earlier this week, the group said it privately notified Hive of its findings and received confirmation shortly after that the issues were resolved.
However, due to a serious miscommunication, Hive was still working on the fix when Zerforschung made its findings public and urged users to stay away from Hive and use a different network.
In response, Hive completely shut down all of its activities until the issues could be resolved. Since then, Hive has released a single update, but more are expected soon.
While the researchers might recommend Mastodon instead, this platform has had its fair share of problems as well. Last week, researchers discovered three separate flaws that allowed attackers to manipulate and, in some cases, even download the stored data.
When news of the flaws broke, security experts warned Mastodon users not to share any data they would be uncomfortable seeing made public.
Via: TechCrunch