Hive Social: Twitter alternative offline for the time being after critical security vulnerability

Since the Twitter takeover by Elon Musk, many users have been looking for an alternative for the social network. Mastodon was the first chosen, after which Hive Social appeared on the scene as a Twitter alternative and was initially well received. But Hive has a slew of critical security vulnerabilities – and is offline for the time being to fix the gaps.

Hive Social offline after critical security vulnerabilities

Have you too been looking for an alternative after Elon Musk’s takeover of short messaging service Twitter? And possibly ended up with the up-and-coming service Hive Social from Brazil?

Then you might want to reconsider that decision. Because as the collective Hive Social Research shares on its own blog, the microblogging service has not one, but a multitude of critical security vulnerabilities.

“We currently strongly advise against using Hive Social,” Zerforschung said. But why?

The collective writes on its own website that it has taken a closer look at the app and the service. They found a number of serious security vulnerabilities and reported them directly to the provider.

Even contacting the provider proved to be extremely difficult, until the CEO could finally be reached by phone. In the timeline for making contact, Zerforschung writes that the first call from the CEO was “simply pushed away”.

It was only a good week after the first report about the security gaps that a written confirmation (via iMessage) was received. However, the security holes were still gaping openly across the social network.

Hive Social goes offline

However, Zerforschung does not write in the blog post about which security gaps it is specifically concerned. However, they state that the problems, which they have also reported to the provider, allow attackers to access all data of all users.

Even private posts, direct messages and even direct messages and posts that have already been deleted can be viewed without any problems, they say. “In addition, access to e-mail addresses, telephone numbers and dates of birth that have been specified during registration is also possible,” it continues. Even foreign posts from other users could be changed quite easily.

Hive Social has pulled the ripcord after the publication of the security vulnerabilities and taken its own service offline for the time being. In the coming days, they want to close the gaps and bug fixes to achieve a “better and safer experience”, the team on Twitter communicates.

According to Zerforschung, the (singular!) Hive developer is working on closing the gaps. As soon as there were additional details, they said they would update the blog post accordingly. However, it remains to be seen if and when Hive Social will return and whether the Twitter alternative will then really be secure.