Kodi confirms data breach

Kodi, a provider of open source media player software, has confirmed a data breach after threat actors stole the company's MyBB forum database containing user data and private messages.

Unknown threat actors also attempted to sell a data dump containing the records of 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.

"MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February," Kodi said in an advisory.

The threat actor then misused the account to create backups of the database, then downloaded and deleted those backups. Existing nightly full backups of the database were also downloaded. The account in question has now been deactivated.

Each nightly backup contains all public forum posts, team forum posts, messages sent via the user-to-user messaging system, and user information such as forum usernames, email addresses used for notifications, and encrypted (hashed and salted) passwords generated by the MyBB software.

Kodi stated that there is no evidence that the threat actors managed to gain unauthorized access to the underlying servers hosting the MyBB software. It further emphasized that the legitimate account owner did not perform malicious actions on the management console, which suggests credential theft.

Out of an abundance of caution, the maintenance staff indicated that work is underway to initiate a global password reset. Users who have used the same password on another site are advised to change it there as well.

In the meantime, the company shut down its Kodi forums, noting that it was debugging new servers and that the activity was expected to last "several days." It also plans to redeploy the forums on the latest version of its MyBB software.

As an additional security measure, Kodi is hardening access to the MyBB administration console, modifying administrator roles to limit permissions, and improving audit logging and backup processes.