"Kodi Forum Breach: User Data, Encrypted Passwords Grabbed"

The developers of Kodi, the widely used open-source media player app, have recently revealed a data breach of its user forum. The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a legitimate but inactive member of the forum admin team to access the MyBB admin console on two occasions, February 16 and 21, 2023. The company noted that the attacker was able to create backups of databases, which they then downloaded and deleted. Nightly full backups of the database were also downloaded.

The company stated that the nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data, including forum username, the email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software. Currently, the company has found no evidence of unauthorized access to the underlying server that hosts the MyBB software.

The Kodi user forum is presently inaccessible. The company stated that although MyBB stores passwords in an encrypted format, it must assume all passwords are compromised. They are keeping the forum offline until they find a way to reset all passwords. Even though no compromise of the underlying system has been detected, the Kodi team is standing up a new forum server to be on the safe side. The new server will run the latest version of MyBB software. The company noted that as part of the redeployment, they will restrict and harden access to the MyBB admin console, revise admin roles to reduce privileges wherever possible, and improve audit logging and backup processes. They’ve also notified the UK Information Commissioner’s Office about the breach and will be sharing the exposed email address data with the haveibeenpwned service, so users can assess if their account has been compromised in this data breach.

Once the server is back online, users will be required to choose new passwords (they should also change the password on any other account where they used the same one as on the Kodi forum).
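The root cause described above is a still-privileged but inactive admin account, and the fixes Kodi lists are reduced admin privileges and better audit logging. The following script is an added example (not code from Kodi, MyBB, or the Help Net Security article) showing the kind of check a forum operator could run against an admin roster and an admin-console audit log: it flags admin accounts that are dormant or no longer on the team, and flags console events by those accounts as well as any backup export or deletion. The roster and log lines are constructed sample data, the record layout and the 90-day dormancy threshold are assumptions, and nothing here reflects MyBB's real schema or log format.

```python
"""Added example: flag dormant privileged accounts and risky admin-console
activity. Sample roster and log are constructed; the layout is an assumption,
not MyBB's actual schema or log format."""
from datetime import datetime, timedelta

DORMANT_DAYS = 90  # assumption: an admin with no login for 90 days is dormant

# Constructed admin roster: (username, last login as ISO date, still on the team?)
ADMINS = [
    ("alice", "2023-02-10", True),
    ("bob",   "2022-06-01", False),   # left the team but admin rights were never removed
    ("carol", "2022-11-15", True),    # still on the team, but has not logged in for months
]

# Constructed admin-console audit log: "<ISO timestamp> <user> <action>"
ADMIN_LOG = """\
2023-02-16T03:12:44 bob backup_create
2023-02-16T03:15:02 bob backup_download
2023-02-16T03:16:30 bob backup_delete
2023-02-17T09:01:10 alice settings_view
2023-02-21T02:48:05 bob backup_download
"""


def dormant_admins(admins, as_of, dormant_days=DORMANT_DAYS):
    """Return usernames that still hold admin rights but are either no longer
    team members or have not logged in within the dormancy window."""
    cutoff = as_of - timedelta(days=dormant_days)
    flagged = []
    for user, last_login, active_member in admins:
        if not active_member or datetime.fromisoformat(last_login) < cutoff:
            flagged.append(user)
    return flagged


def parse_admin_log(text):
    """Parse the constructed log format into (timestamp, user, action) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), user, action))
    return events


def suspicious_console_activity(log_text, admins, as_of, dormant_days=DORMANT_DAYS):
    """Return admin-console events worth alerting on: anything performed by a
    dormant or ex-team admin, plus every backup create/download/delete action,
    since backup exports are how the whole user database leaves the server."""
    dormant = set(dormant_admins(admins, as_of, dormant_days))
    alerts = []
    for ts, user, action in parse_admin_log(log_text):
        reasons = []
        if user in dormant:
            reasons.append("dormant-admin")
        if action.startswith("backup_"):
            reasons.append("backup-action")
        if reasons:
            alerts.append((ts.isoformat(), user, action, reasons))
    return alerts


if __name__ == "__main__":
    now = datetime(2023, 2, 22)
    print("Admins to revoke or re-verify:", dormant_admins(ADMINS, now))
    for alert in suspicious_console_activity(ADMIN_LOG, ADMINS, now):
        print("ALERT", *alert)
```

Run on the sample data, the roster check names both the ex-team member and the long-inactive member, and every backup operation by the ex-team account is raised as an alert while the active admin's routine settings view is not. In practice the roster feed would come from the forum's user table and the log from the admin-console audit trail, and the dormant list is the set of accounts whose admin role should be removed rather than left waiting to be reused.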

Help Net Security reports: "Kodi Forum Breach: User Data, Encrypted Passwords Grabbed"
