Kodi confirms user forum data breach
Kodi, maker of the popular entertainment center app, confirmed a data breach of its user forum software earlier this week. The development team became aware of the hack after a dump of the Kodi user forum was offered for sale on the darknet.
Note: Kodi software, the latest release is Kodi 20, was not affected by the breach in any way.
Initial investigation into the matter revealed that the attacker breached a forum admin account of an inactive, but trusted, member, and managed to access the admin console twice. This happened in mid-February of 2023.
The admin account was used to create backups of the databases, which were then downloaded.
Kodi disabled the account in question to prevent future access to the systems, once it became aware of the incident. It also "conducted an initial review of team infrastructure the team member had access to", reported the incident to the UK police and notified the UK Information Commissioner's Office.
The downloaded database backups "expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software".
Users of the forum should assume that their "Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised".
While passwords are encrypted, Kodi considers them compromised and thus burned. Kodi announced the following plans to deal with the breach:
- All exposed email data will be shared with Have I Been Pwned, a site to check, whether an email address has been part of a breach.
- Kodi plans to perform a global password reset. This resets all passwords and prevents further compromise or access to personal data. Kodi forum users need to change passwords at other services, if they re-used the password.
- The latest version of the forum software is redeployed currently. Since this means comparison with the old version, the forum will remain offline for a few days at least. Access to the admin console will be further restricted and hardened.
The global password reset will likely happen once the forums go back online. Users will be informed by email about the reset, and they need to set a new password on the first visit to the forum.
Now You: are you a Kodi user?Advertisement