You really don't want to be using Hive social.

https://zerforschung.org/posts/hive-en/

โš ๏ธ Warning: do not use Hive Social ๐Ÿ‘‰๐Ÿ๐Ÿ‘ˆ

This article has also been published in German.

Update: The vulnerabilities are currently no longer exploitable because Hive deactivated their servers. More details

Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is “Hive Social”, which reached more than a million users in the last weeks. Of course, we were interested and took a look at Hive from a security standpoint.

We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to fix them within the next two days. However, after those two days, multiple vulnerabilities we reported were not fixed and still existed at the time of writing.

⚠️ We strongly advise against using Hive in any form in the current state.

@gamingonlinux They announced on Twitter an hour ago that they're shutting down their servers for a couple days to fix things.

I mean, is it ideal or perfect? No, but it's also a bit unheard of.

@figmentpudding @gamingonlinux The issue is more that they were reminded about it for a couple of days, claimed to have fixed it, and are only just now taking down the servers because this has gone public.

@deb @gamingonlinux

I'm just making sure folks are aware that (whether it's altruistic or "forced") Hive IS taking action on this, since the post and replies made it seem like they were continuing to ignore it.