Hive is adding ~500k users daily, passing the 1 million user mark on Monday and then 2 million users earlier today. They're supported only by the 24-year-old founder, two employees, and zero moderators.
It's completely irresponsible for them to have unlimited signups when they can't possibly handle abuse, harassment, scams, spam, disinformation, or illegal content. https://www.businessinsider.com/twitter-competitor-hive-social-run-by-24-year-old-founder-2022-11
who could have ever predicted a student coding project with three people working on it and over 2 million users would have multiple critical vulnerabilities?
"The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login." https://zerforschung.org/posts/hive-en/
Dieser Artikel ist auch auf deutsch erschienen. Update: The vulnerabilities are currently no longer exploitable because Hive deactivated their servers. More details Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is βHive Socialβ, which reached more than a million users in the last weeks. Of course, we were interested and took a look at Hive from a security standpoint. We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to fix them within the next two days. However after those two days, multiple vulnerabilities we reported were not fixed and still existed at the time of writing. β οΈ We strongly advise against using Hive in any form in the current state.
Andy Baio
Nate Smith