The Kodi forum (MyBB) is a place where about 400,000 users of the Kodi open source media player come together to share tips on customizing their home theater experience. But when a cache of MyBB user data popped up for sale on an Internet forum, team Kodi took a closer look and realized there had been a major breach.
Logs revealed that a former MyBB admin’s account was hijacked to access the admin console on both Feb. 16 and Feb. 21, the Kodi Foundation said in a statement announcing the breach on April 8.
“The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database,” the Kodi statement said.
That means all public forum posts, team forum posts, user-to-user messages, and user data, including username, email address, and hashed passwords were compromised, Kodi added.
An April 11 update on the breach by the Kodi Foundation said the forums were being migrated to new servers and will run on an updated version of MyBB software, and the forums will remain offline for several days during the migration.
“As part of the redeployment we will restrict and harden access to the MyBB admin console, revise admin roles to reduce privileges wherever possible, and improve audit logging and backup processes,” the statement added.
In the meantime, Kodi Foundation has shared breach data with the haveibeenpwned disclosure site and vowed to share password reset information as soon as the forums are back up. Additionally, the forum wiki is being moved to a new host, the statement added.
