Hive Social, the fastest-growing social media platform since Elon Musk acquired Twitter, has a vulnerability that exposes all data stored in user accounts, a security advisory warns. service suddenly stopped on Wednesday.

The issue we reported gave attackers access to all data, including private posts, private messages, shared media and even deleted direct messages, Berlin-based security group Zerforschung said on Wednesday. The published advisory claimed. This also includes the personal email his address and phone number entered at login.

The post went on to say that many of the flaws they reported had remained unpatched after the researchers privately reported the vulnerability last Saturday. WARNING: Do not use Hive Social.

Hive Social responded by shutting down their entire service.

The Hive team is aware of security issues affecting application stability and user safety, company officials wrote. To fix these issues, you should temporarily power off the server for a few days. We will fix this issue to help provide a more comfortable and safer experience.

Zerforschung’s post states that the vulnerability is so serious that technical details are being withheld to prevent active exploitation by malicious hackers.

This chain of events raised questions about why Hive Social waited about 72 hours to shut down the site after receiving notice that most personal data was available to users for free. According to Zerforschung, after multiple iterations, Hive Social claimed to have fixed all the issues, but apparently they didn’t. The social media site said it never claimed the vulnerability had been fixed.

According to Business Insider, Hive Socials’ user base has reportedly doubled in recent weeks, up from about 1 million to 2 million as of last week. Despite its significant growth, the social media site had only two staff members, both of whom had little background in security.

Representatives from both Hive Social and Zerforschung did not respond to emailed questions.

Although there have been no reports of the vulnerability being actively exploited, there is no way to rule it out at this time. Anyone with a Hive Social account should be prepared for the possibility of her private messages being retrieved, regardless of the data they provided when signing up or whether they have been deleted.

Lessons learned from this event further corroborate advice Ars provided on Tuesday about another social media site, Mastodon. Mastodon has seen a surge in user numbers in the aftermath of Musk’s acquisition of Twitter. Don’t put anything on your site that you don’t mind making public. Never include confidential information in direct messages or anywhere else. I hope Hive Social users already know that.

