Monday, October 7, 2024
HomeCyber AttackKodi Hacked - Attackers Stole the Forum Database

Kodi Hacked – Attackers Stole the Forum Database

Published on

The Kodi Foundation learned that a dump of the Kodi user forum, MyBB software, was being sold on online forums.

Kodi is a multi-platform, open-source media player, manager, and streaming suite. It supports a wide range of third-party add-ons, which give users access to content from numerous sources and let them personalize their viewing.

A total of 3 million posts were made on the Kodi forum by its 401,000 users, who used it to talk about media streaming, share new add-ons, offer help, and more.

- Advertisement - EHA

Attackers Stole the Forum Database by Logging into the Admin Console

Reports say MyBB admin logs reveal that on February 16 and February 21, the web-based MyBB admin console was accessed using the account of a reliable but presently inactive member of the forum admin team.

Database backups were made using the account, downloaded, and then removed. It also downloaded the database’s existing nightly full backups. The account owner indicated they did not perform these operations using the admin console.

The admin team disabled the compromised account after this incident and started to investigate.

“The nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software”, according to Kodi Forum Data Breach Notification.

Kodi has not yet discovered proof of unauthorized access to the MyBB software server.

Kodi cautions that even if the passwords were hashed and salted, they should all now be regarded as compromised. The admin team is planning a global password reset that may unavoidably affect service availability.

“Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised,” suggest Kodi.

“If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site.”

Setting Up a New Forum Server

The administrators of Kodi told the community earlier today that they are setting up a new forum server even though they have not detected any indications of intrusion on the current ones.

With the most recent MyBB release, the forum will be relaunched. A delay of several days is expected because there is a lot of work to backport security fixes and incorporate customized functional modifications.

Also, Kodi is adopting the uncommon step of providing the Have I Been Pwned data breach reporting service with a list of exposed email addresses linked to forum accounts.

Subscribers of the Have I Been Pwned service will be notified if their email address was among the exposed data once this data has been placed into HIBP. If you don’t subscribe to HIBP, you may still input your email address to view a list of all data breaches that include it.

“The admin team would like to conduct formal penetration testing once the forum and other services are back online,” Kodi said.

Struggling to Apply The Security Patch in Your System? – 

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to...

19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519

A critical vulnerability in Zimbra's postjournal service, identified as CVE-2024-45519, has left over 19,600...

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...