Following Elon Musk’s Twitter takeover, there was a rush of Twitter users seeking possible replacement apps. Suddenly there was a ton of buzz around apps like Mastodon, Hive, Post, and more. Naturally, it was only a matter of time before problems started with some of these up-and-coming Twitter killers.
In a post on Twitter, Hive Social announced it would temporarily turn off its servers to fix several security issues. German cyber group Zerforschung warned Hive and its users in a blog post detailing the security issues. Zerforschung says it “found a number of critical vulnerabilities” that it confidentially reported to Hive. The group says the issues it found could allow an attacker to access all of a user’s data, including private posts, private messages, shared media and even deleted messages. That included private email addresses and phone numbers entered during login.
The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience pic.twitter.com/wOgW7ga9xN
— Hive (@TheHIVE_Social) December 1, 2022
Worse, Zerforschung says attackers could overwrite data such as posts owned by other users. In a video shared in Zerforschung’s blog post, the group demonstrates editing another account’s post to say something different.
According to a timeline released by Zerforschung, it began investigating Hive on November 23rd and completed its report on November 26th. The group attempted to contact Hive several times but didn’t receive an acknowledgement from Hive until November 28th. Hive shared the tweet about shutting down its servers on November 30th. Zerforschung notes that its testing suggests one vulnerability may be fixed as of November 30th.