The Berlin-based security collective Zerforschung found several “critical vulnerabilities” that it then reported to the company.
“The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages,” the report read. “This also includes private email addresses and phone numbers entered during login.”
The security vulnerabilities are so severe that Zerforschung stated it would not be elaborating on the findings to protect those still using the app.
Despite its rapid expansion, Hive is run by founder Raluca Pop and just two other employees, which could contribute to the platform’s acute vulnerability to security violations.
Following the post by Zerforschung, Hive turned off its servers to address the problem and create a “better and safer experience,” the company announced on Twitter.
“The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience.”
— Hive (@TheHIVE_Social) December 1, 2022
Zerforschung reported that, after various discussions with the social media platform, Hive claimed to have fixed the problem, but Zerforschung quickly discovered that wasn’t the case. In response, Hive took to Twitter again to clarify that it never claimed the issues were fixed but that it was in the process of fixing them.