The team at the newly popular Twitter alternative Hive is in over its head. The company has now taken the fairly radical step of fully shutting down its servers for a couple of days in response to concerns raised by security researchers who discovered a number of critical vulnerabilities on Hive, several of which they say remain unfixed. The issues they found would allow attackers access to all data, including private posts and messages, shared media and even deleted direct messages, as well as the ability to edit other people’s Hive posts.
The researchers, a part of a German collective called Zerforschung, claimed they confidentially reported the security vulnerabilities to Hive’s team, noting it was initially difficult to reach a point of contact at the company. Several days later, Hive replied, claiming the issues to be fixed, a Zerforschung blog post explains. However, the researchers found this was not the case, so they took their concerns to the public, warning people against using Hive’s app.
Shortly after, Hive announced it was temporarily shutting down its servers to address these problems. It also claimed, across several tweets, that they never told the researchers the issues were “fixed” but that they were “fixing” them, eventually deciding to go offline until problems were addressed.
It’s an unusual way to patch bugs, to say the least, and one that raises questions about the development workflow at the company. Is there not a dev environment where code is fixed, then staged for a release? How bad was the code that it requires a full stop of company operations to rework it?
These aren’t the first concerns that have been raised about Hive in the weeks following its rapid growth, which has been fuelled by Elon Musk’s acquisition of Twitter. Today, a number of Twitter users are unhappy with the direction Musk is taking the social network and have been seeking alternatives. This has led to sizable boosts to the user bases of other social apps, including Mastodon, CoHost, Tumblr, Counter Social, Post News, Koo and Hive, among others.