Hive Social turns off servers after researchers warn hackers can access all data - Ars Technica

1 year ago 56

TECHNICAL DIFFICULTIES. PLEASE STAND BY. —

Site officials accidental tract volition beryllium down for a mates of days.

- Dec 1, 2022 8:20 p.m. UTC

Hive Social turns disconnected  servers aft  researchers pass    hackers tin  entree  each  data

Hive Social

Hive Social, a societal media level that has seen meteoric maturation since Elon Musk took implicit Twitter, abruptly unopen down its work connected Wednesday aft a information advisory warned the tract was riddled with vulnerabilities that exposed each information stored successful idiosyncratic accounts.

“The issues we reported let immoderate attacker to access each data, including backstage posts, backstage messages, shared media and adjacent deleted nonstop messages,” the advisory, published connected Wednesday by Berlin-based information corporate Zerforschung, claimed. “This besides includes backstage email addresses and telephone numbers entered during login.”

The station went connected to accidental that aft the researchers privately reported the vulnerabilities past Saturday, galore of the flaws they reported remained unpatched. They headlined their station “Warning: bash not usage Hive Social.”

Hive Social responded by pulling down its full service.

“The Hive squad has go alert of information issues that impact the stableness of our exertion and the information of our users,” institution officials wrote. “Fixing these issues volition necessitate temporarily turning disconnected our servers for a mates of days portion we hole this for a amended and safer experience.”

The Zerforschung station said the vulnerabilities were truthful superior that they were withholding method details to forestall the progressive exploitation of them by malicious hackers.

The bid of events raised questions astir wherefore Hive Social waited immoderate 72 hours to unopen down its tract aft receiving notification users’ astir backstage information was escaped for the taking. Zerforschung said that aft aggregate communications, Hive Social claimed to person fixed each issues erstwhile that was intelligibly not the case. The societal media tract said it ne'er claimed the vulnerabilities were fixed.

Hive Social’s idiosyncratic basal reportedly doubled successful the past fewer weeks, going from astir 1 cardinal to 2 cardinal arsenic of past week, according to Business Insider. Despite the monolithic growth, the societal media tract continued to beryllium staffed by conscionable 2 people, neither of whom had overmuch of a inheritance successful security.

Representatives of some Hive Social and Zerforschung didn’t respond to questions sent by email.

While determination are nary reports that the vulnerabilities were actively exploited, there’s nary mode astatine the infinitesimal to regularisation that out. Anyone with a Hive Social relationship should beryllium prepared for the anticipation that the information they provided during sign-up, arsenic good arsenic backstage messages, whether deleted oregon not, person been obtained.

The acquisition from this lawsuit further supports proposal Ars gave connected Tuesday concerning Mastodon, different societal media tract that has besides seen skyrocketing idiosyncratic numbers successful the aftermath of the Twitter takeover by Musk. Put thing connected the tract that you wouldn’t caput being public. Confidential accusation should ne'er beryllium enactment successful nonstop messages oregon immoderate different place. Here’s hoping Hive Social users already knew that.

Read Entire Article