Hive Social Turns Off Servers After Researchers Warn Hackers Can Access All Data (arstechnica.com) 73

An anonymous reader quotes a report from Ars Technica: Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts. "The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages," the advisory, published on Wednesday by Berlin-based security collective Zerforschung, claimed. "This also includes private email addresses and phone numbers entered during login." The post went on to say that after the researchers privately reported the vulnerabilities last Saturday, many of the flaws they reported remained unpatched. They headlined their post "Warning: do not use Hive Social." Hive Social responded by pulling down its entire service. "The Hive team has become aware of security issues that affect the stability of our application and the safety of our users," company officials wrote. "Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience."

Technical details are being withheld to prevent the active exploitation of them by malicious hackers. According to Business Insider, Hive Social's user base has doubled in the last few weeks, going from about 1 million to 2 million as of last week. The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars.

  • Twitter Engineers (Score:3, Interesting)

    by Hotice919 ( 1003185 ) on Friday December 02, 2022 @08:07AM (#63096232)
    I heard that there may be some experienced social media network engineers in the market for a career change. Just sayin'.
    • by fazig ( 2909523 )
      If they are idealistic enough to work for free for some time, maybe.
      Because Hive Social probably can't pay them in the foreseeable future.
      • They might be willing to spend some time on Mastodon.
        • Because they prefer their views silenced by the social network administrator? Seriously, who really has a problem with free speech on Twitter? Slashdot has swastika ASCII art on practically every story. It is modded down as a troll all the time, but never removed. It shouldn't be removed. Never interrupt a fool when he is displaying his stupidity.

          To advocate that an authority (government or otherwise, I know the 1st amendment is for governments only, don't care) should be moderating their social
          • by dbialac ( 320955 )
            Well when you're afraid to have your BS views confronted, you have to resort to censorship. If you don't, reality might get in the way, and this applies universally regardless of political affiliation.
      • As a giant "fuck you" to Musk? Yeah, I could even see that happen.

        • Re:Twitter Engineers (Score:4, Interesting)

          by fazig ( 2909523 ) on Friday December 02, 2022 @08:24AM (#63096268)
          I've heard before that a lot of people working for Twitter did so mostly for idealistic reasons and accepted bad pay. Which is supposedly one of the reasons why they didn't return even if they were offered their job back. I'm not sure how true that is.
          But of course that makes it at least plausible to assume that some of them would work for free for a competitor just to spite Musk.
          Though if they believe in Hive Social that much, I'm not sure.
          • A quick google says software engineers make about $150K there. I wouldn't call that charity work. But it's also not the kind of pay that would compel me to work 80 hour weeks. Or even move to the Bay Area. On the other hand for those who were 100% WFH, I'd guess it might not be easy to secure something comparable long-term.
        • As a giant "fuck you" to Musk? Yeah, I could even see that happen.

          Most people are not all-consumed by irrational hatred as you are.

          Stop using your life as a platform of hate, use it to support the things you love and forget about what you hate.

          • Comment removed based on user account deletion
            • by Shaitan ( 22585 )

              That isn't a fair characterization of what happened at Twitter. The staff had been massively expanded in recent years while the company had not... they hired a bunch of people they didn't need and Musk simply brought it back to those levels. He had no choice or the company wouldn't be able to make debt payments.

          • I do.

            I love to hate people.

        • Comment removed based on user account deletion
      • > If they are idealistic enough to work for free for some time, maybe.

        They got 90 days' severance pay.

        Good enough for a well-organized sprint.

        • And then what? (Score:1, Insightful)

          by SuperKendall ( 25149 )

          They got 90 days' severance pay.
          Good enough for a well-organized sprint.

          Yes, and then?

          I'm not sure if you've looked for a job recently - especially a higher end tech job - but that takes time now, a lot of time with rounds of interviews.

          If you have 90 days maybe you can take a month off to relax or do whatever, but you don't really have 90 days and then you start looking, unless you want to start eating into savings...

          And with all the FAANG companies freezing hiring or dropping people, your choices are more

          • My LinkedIn and email seem to say otherwise. I get no less than 8 invitations to interview for positions that would meet my minimum pay needs a month. Yes the FAANG companies are frozen for a bit, but there is a huge vacuum of talent in the rest of the market. My last round of interviews (which was less than 4 months ago) took 3 weeks to go from the recruiter reaching out to me on LinkedIn to a job offer acceptance. They know they have to move fast and they are.

      • by Shaitan ( 22585 )

        Twitter engineers? You've got that reversed, they collect a paycheck without working.

    • I heard that there may be some experienced social media network engineers in the market for a career change. Just sayin'.

      "The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars."

      Remind me again why Twitter needed tens of thousands of employees...?

      • How many people does it take to keep a database program that serves one liners?
        Look at Ardupilot. Run by a handful of very talented people. Tridge, Randy...
        When you look around at life, aren't the millions of aggregate projects going a collection of strong individual efforts?
        Think about it, an experienced garbage man, a hunter... they're all proficient in what they do. Mike Rowe tried to point that out.
        If you put two unmotivated unknowledgeable people in a position, they will fail like what happened. On the

        • by dbialac ( 320955 )
          Craigslist is another example of this.
        • If you put two unmotivated unknowledgeable people in a position, they will fail like what happened.

          I think that's a bit unfair to the Hive guys, I imagine they are actually highly motivated, just as you said unknowledgeable in terms of security.

          However it sure seems like you'd have to be REALLY ignoring security to make it so that arbitrary calls from a user could look at any data in the system. Or maybe that was even by initial design, to be open??? Seems unlikely.

          Anyway, I think the Hive guys at least d

      • "The site is only being staffed by two people, "neither of whom had much of a background in security," reports Ars."

        Remind me again why Twitter needed tens of thousands of employees...?

        To pay for mostly female curators. The vast bulk of those fired were non-technical staff: HR, curators, account managers, etc. Some coders and sysadmins were pushed out, but they were a minority of those shown the door.

      • I don't know about thousands, but the fact this happened to hive shows you need at least more than 2.

    • There must be a more correct title than "engineer" for people who do computer stuff.
  • by Anonymous Coward

    Nothing? Nothing at all?

    Then stop pretending they're special. Just admit anyone can access all data. And yes, that's plenty big enough to shut everything down.

    Next question: Why did nobody notice this before?

  • Bold Action (Score:5, Insightful)

    by bill_mcgonigle ( 4333 ) * on Friday December 02, 2022 @09:26AM (#63096382) Homepage Journal

    Good for them - many would try to hide it and limp along. Kudos for taking bold action.

    It's interesting that The Hive is aptly named for the kind of users they're trying to attract; the mental model of humans being in a bee hive is often used by those who eschew individualism.

    The Internet done right has people of certain types finding each other and leaving the rest alone whenever possible.

  • "Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter...is only being staffed by two people..."

    For anyone who might still view Elon stepping in and firing thousands upon thousands of Twitter employees as horrifically evil, keep in mind a rising competitor was chugging along with two fucking people.

    Even the bloated .bomb company looks like a svelte Olympian compared to that kind of corporate obesity.
