Hive Social on phone in hand in front of white background

rarrarorro/Shutterstock (Licensed)

Twitter alternative Hive forced to shut down over security vulnerabilities

The app was leaking private messages, posts, images, phone numbers, emails, and birthdates.


Mikael Thalen


Posted on Dec 1, 2022

The social media platform Hive has temporarily shut down after security researchers discovered that it was riddled with severe vulnerabilities.

In a blog post on Wednesday, the researchers, part of a German collective known as Zerforschung, revealed how the app was leaking “private messages, posts, images and user data like phone numbers, emails, and birthdates.”

Zerforschung says it repeatedly reported the issues to Hive but initially received no response. After reaching the company by phone, Hive reportedly acknowledged receiving the team’s report. But after several days and “multiple reminders,” Zerforschung says no action was taken.

Finally, according to the blog, Hive announced to Zerforschung that it has patched all of the issues. Yet Zerforschung says that several of the vulnerabilities it reported were still present in the app.

After releasing its blog post, Zerforschung also showed in a demonstration on Twitter how an attacker could even alter the text of other users’ posts.

Zerforschung stressed that it would not publish a detailed analysis of the vulnerabilities until they were all fixed in order to protect the privacy of Hive’s users.

In response to the blog post, which has been retweeted more than 2,600 times, Hive announced on Twitter that it would be shutting down its servers until the issues were fully fixed. Hive also denied that it told Zerforschung that the vulnerabilities had been patched and instead claimed that it merely stated that they were in the process of addressing the issue.

“Hi everyone! The Hive team has become aware of security issues that affect the stability of our application and the safety of our users,” the tweet said. “Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience.”

Founded in 2019, Hive’s userbase has exploded in recent weeks following the acquisition of Twitter by Elon Musk. Founded at the time by a 22-year-old self-taught coder named Kassandra Pop, the app is now facing increased scrutiny as it struggles to catch up to its growing popularity.

We crawl the web so you don’t have to.
Sign up for the Daily Dot newsletter to get the best and worst of the internet in your inbox every day.

Share this article
*First Published: Dec 1, 2022, 11:25 am CST