from the and-now-for-something-completely-like-so-many-others dept.
[Editor's Note: This is not connected to the Kodi Linux Operating System. JR]
Bleeping Computer reports that Kodi has revealed (on 8 April 2023) that their forum [N.B. the forum itself is now gone and replaced with a blog post about the breach] database was breached and is for sale online.
From the Bleeping Computer article:
The Kodi Foundation has disclosed a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online.
Kodi is a cross-platform open-source media player, organizer, and streaming suite, that supports a vast array of third-party add-ons enabling the users to access content from various sources or customize their experience.
The now-shut down Kodi forum has roughly 401,000 members who used it to discuss media streaming, exchange tips, offer support, share new add-ons, and more in 3 million posts.
According to an announcement published by the platform on Saturday, hackers stole the forum database by logging into the Admin console using an inactive staff member's credentials.
Once they gained access to the admin panel, they created and downloaded database backups multiple times in 2023.
"MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February," explains Kodi in a message to its users.
"The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database."
The Kodi team confirmed that the actual account owner did not perform these actions on the admin console, indicating that the staff member's credentials were likely stolen.
"If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site."
So Soylentils, do (or, in the case of the forum, did) you use Kodi or, more importantly, their forum?
If so, will this breach affect how/whether or not you (continue) to use Kodi?
(Score: 5, Insightful) by WizardFusion on Saturday April 15, @01:13PM (3 children)
I think I may have used the Kodi forum in the past, but I let my password manager handle the username and passwords for every site I register with. Completely unique for each site. Unique email addresses to for each one so that if I do get spam, I know where it came from and can block it forever.
(Score: 0, Offtopic) by Anonymous Coward on Saturday April 15, @04:03PM
I think I have one too. I use unique passwords, not emails though.
(Score: 2) by hendrikboom on Wednesday April 19, @03:11AM (1 child)
Looking for a password manager that can securely transmit passwords over a network.
Not someone else's network or server; My network and server. And preferably distributed automatically among a small number of computers in case of catastrophic failure (like distributed revision control).
(Score: 2) by WizardFusion on Wednesday April 19, @03:01PM
I currently use KeePassXC with the single-file database stored on my NAS.
I have a self-hosted BitWarden instance (but using the Vaultwarden docker container instead of the BitWarden one) and am looking to migrate across to it.
(Score: 0) by Anonymous Coward on Sunday April 16, @06:15PM (1 child)
Random unknown forum gets hacked?
(Score: 0) by Anonymous Coward on Monday April 17, @01:31AM
https://kodi.tv/download/ [kodi.tv]
Does it hurt when you talk out of your ass like that? It definitely stinks.