The Limited Times


Twitter alternative Hive: Researchers warn of security gaps in the social media app

2022-12-01T17:19:31.971Z


According to the IT experts from »Zerforschung«, it was possible to access all private messages and user data on the Hive app. The company has confirmed the vulnerability and shut down the servers without further ado.



Hive app logo: "Every hour that these issues were not closed, the danger increased"

Photo: Davide Bonaldo / SOPA Images / LightRocket via Getty Images

The IT security researchers of the »Zerforschung« collective have discovered several serious security gaps in the social media app Hive and therefore issue an »urgent« warning against using the app.

This is what the experts wrote on their website on Wednesday evening.

The vulnerabilities would have allowed potential attackers to steal all private messages, videos, images and personal information such as email addresses or phone numbers.

Even direct messages and posts that have already been deleted could be accessed remotely.

It was also possible to modify other users' posts, as the experts demonstrated in a video.

When asked by SPIEGEL, Hive founder Raluca Pop confirmed the existence of three vulnerabilities and announced that updates would fix the problems.

After Elon Musk took over Twitter in November, Hive was at the top of the App Store's download charts for a while.

According to its own statements, the app passed the one million user mark on November 21.

Security researchers are withholding details

The security researchers have written down their findings in detail in a report available to SPIEGEL.

According to »Zerforschung«, they sent the company their documentation of the vulnerabilities on Saturday as a warning.

Security researchers usually give affected companies a longer period of time to fix the problems before they go public with them.

However, the decision was made to issue the current warning because the company did not react sufficiently and did not meet the deadlines it had set itself, Zerforschung told SPIEGEL.


"At least one of the vulnerabilities can actually be fixed very quickly within a few minutes," according to the security researchers.

The other gaps are also easy to close.

"Every hour that these problems were not closed, the danger increased," according to the IT experts.

Other security experts have already started to highlight the first vulnerabilities.

However, the research collective deliberately did not publish technical details about the gaps.

The aim was to avoid endangering users' privacy even further, the collective said.

The group has discovered and reported various vulnerabilities at numerous companies in the past.

Hive announced on Wednesday night that it would "temporarily shut down its own servers for a few days" to fix the problems.

When all security gaps are fixed, the app will go online again.

Source: spiegel
