SoylentNews

NotSanguine [soylentnews.org] writes:

Bleeping Computer reports [bleepingcomputer.com] that Kodi [kodi.tv] has revealed (on 8 April 2023) that their forum [kodi.tv] [N.B. the forum itself is now gone and replaced with a blog post about the breach] database was breached and is for sale online.

From the Bleeping Computer article [bleepingcomputer.com]:

The Kodi Foundation has disclosed a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online.

Kodi is a cross-platform open-source media player, organizer, and streaming suite, that supports a vast array of third-party add-ons enabling the users to access content from various sources or customize their experience.

The now-shut down Kodi forum has roughly 401,000 members who used it to discuss media streaming, exchange tips, offer support, share new add-ons, and more in 3 million posts.

According to an announcement published by the platform on Saturday, hackers stole the forum database by logging into the Admin console using an inactive staff member's credentials.

Once they gained access to the admin panel, they created and downloaded database backups [mybb.com] multiple times in 2023.

"MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February," explains Kodi in a message to its users.

"The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database."

The Kodi team confirmed that the actual account owner did not perform these actions on the admin console, indicating that the staff member's credentials were likely stolen.

The stolen database contains all public forum posts, staff forum posts, private messages sent between users, and forum member data, including usernames, email addresses, and encrypted (hashed and salted) passwords generated by the MyBB (v1.8.27) software.

While the passwords were hashed and salted, Kodi warns that all passwords should now be considered compromised. The admin team is planning a global password reset that will inevitably impact service availability.

"Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised," warns Kodi's announcement [kodi.tv].

"If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site."

So Soylentils, do (or, in the case of the forum, did) you use Kodi or, more importantly, their forum?

If so, will this breach affect how/whether or not you (continue) to use Kodi?

Original Submission