Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

400,000 Users Hit by Data Breach at Media Player Maker Kodi

Media player maker Kodi has started rebuilding its user forum after hackers stole databases containing user posts, messages, and login credentials.

Open source home theater software developer Kodi this week announced that it has started rebuilding its user forum following a February 2023 data breach.

The incident was disclosed last week, after a threat actor started advertising on underground forums a dump of Kodi’s user forum (MyBB) software. The hacker offered the data of 400,000 Kodi users, including on the now-defunct BreachForums cybercrime website. 

The attackers compromised the account of an inactive administrator and accessed the web-based MyBB admin console on February 16 and 21, creating database backups and downloading existing nightly full backups.

“The nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software,” Kodi said last week.

All passwords, the software maker said, should be considered compromised, the same as user private data, including the information shared via the user-to-user messaging system. The admin team was working on performing a global password reset, Kodi said last week.

On Tuesday, Kodi announced that it was working on commissioning a new forum server, an operation that was initially planned before discovering the incident.

“We have chosen to redeploy the forum on the latest version of MyBB software. This requires us to extract and review all differences between the latest MyBB release and the fork we maintain, which includes numerous functional changes and backported security fixes,” Kodi announced this week.

Advertisement. Scroll to continue reading.

To improve security, Kodi is hardening access to the MyBB admin console and revising admin roles and is also improving audit logging and backup.

To ensure that all users are aware of the data breach, Kodi is sharing the compromised email addresses with the Have I Been Pwned breach disclosure website and will send email notifications to all users once the new forum server is up and running. The forum had over 400,000 members.

“The wiki is being moved to another server host. A review of the code files has been completed and it will be redeployed using the latest MediaWiki version. We recognise the wiki is the go-to Kodi info resource for many users and we aim to bring it online again as a priority. The paste server will also be moved and restored but this is less urgent,” Kodi announced.

Related: Yum Brands Discloses Data Breach Following Ransomware Attack

Related: 4.8 Million Impacted by Data Breach at TMX Finance

Related: 500k Impacted by Data Breach at Debt Buyer NCB

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.

Cybercrime

Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.