mxtiffanyleighHive Social's "critical security vulnerabilities" (which were reported but not yet acted upon) include:
"Allowing [potential] attackers to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login.
"Attackers can also [overwrite data [aka edit] - such as posts owned by other users."
โ ๏ธ Warning: do not use Hive Social ๐๐๐
Dieser Artikel ist auch auf deutsch erschienen. Update: The vulnerabilities are currently no longer exploitable because Hive deactivated their servers. More details Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is โHive Socialโ, which reached more than a million users in the last weeks. Of course, we were interested and took a look at Hive from a security standpoint. We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to fix them within the next two days. However after those two days, multiple vulnerabilities we reported were not fixed and still existed at the time of writing. โ ๏ธ We strongly advise against using Hive in any form in the current state.
jordanherron