Hive Social got popped already

Warning: do not use Hive Social:

We found a number of critical vulnerabilities, which we confidentially reported to the company. After multiple attempts to contact the company we finally reached them by phone and they acknowledged the report. After multiple days and multiple reminders by us, they claimed to have fixed all issues. However multiple vulnerabilities we reported still exist at the time of writing.

The issues we reported allow any attacker to access all data, including private posts, private messages, shared media and even deleted direct messages. This also includes private email addresses and phone numbers entered during login.

Attackers can also overwrite data such as posts owned by other users.

TheHIVE_Social:

The Hive team has become aware of security issues that affect the stability of our application and the safety of our users. Fixing these issues will require temporarily turning off our servers for a couple of days while we fix this for a better and safer experience

To their credit, it sounds like pulling the plug entirely was the right move, and most companies would not have done that. Even if they only did it not when they found out, but only after someone created a PR disaster to force their hand. One takes what one can get.

However, that does not change the fact that (as I said earlier this week) they are yet another data silo whose lock-in design is antithetical to the principles of openness and interoperability that are the good things that the Internet and the World Wide Web brought to the world.

Previously, previously, previously.

Tags: , , , , ,

3 Responses:

  1. 2

    ...  yet another data silo whose lock-in design is antithetical to the principles of openness and interoperability that are the good things that the Internet and the World Wide Web brought to the world.

    Up until pretty recently, I would have been nodding along in agreement with this. But more and more in the last couple of years, I have found myself thinking "rough consensus and running code turned out to not be such great acceptance criteria for something that was going to be critical infrastructure." It's what got us where we are today.

    I suppose, like democracy, the open internet is the worst of worlds, except for all of the alternatives.

    • elm says:
      1

      It seems to me those elements of working code and rough consensus aren't what went to shit.

      Someone Else's Computer and an attempt to invent Noncopyable Bits have gone pretty badly.

  • Previously