Thursday, February 13, 2025
HomeCyber AttackKodi Hacked - Attackers Stole the Forum Database

Kodi Hacked – Attackers Stole the Forum Database

Published on

SIEM as a Service

Follow Us on Google News

The Kodi Foundation learned that a dump of the Kodi user forum, MyBB software, was being sold on online forums.

Kodi is a multi-platform, open-source media player, manager, and streaming suite. It supports a wide range of third-party add-ons, which give users access to content from numerous sources and let them personalize their viewing.

A total of 3 million posts were made on the Kodi forum by its 401,000 users, who used it to talk about media streaming, share new add-ons, offer help, and more.

Attackers Stole the Forum Database by Logging into the Admin Console

Reports say MyBB admin logs reveal that on February 16 and February 21, the web-based MyBB admin console was accessed using the account of a reliable but presently inactive member of the forum admin team.

Database backups were made using the account, downloaded, and then removed. It also downloaded the database’s existing nightly full backups. The account owner indicated they did not perform these operations using the admin console.

The admin team disabled the compromised account after this incident and started to investigate.

“The nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software”, according to Kodi Forum Data Breach Notification.

Kodi has not yet discovered proof of unauthorized access to the MyBB software server.

Kodi cautions that even if the passwords were hashed and salted, they should all now be regarded as compromised. The admin team is planning a global password reset that may unavoidably affect service availability.

“Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised,” suggest Kodi.

“If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site.”

Setting Up a New Forum Server

The administrators of Kodi told the community earlier today that they are setting up a new forum server even though they have not detected any indications of intrusion on the current ones.

With the most recent MyBB release, the forum will be relaunched. A delay of several days is expected because there is a lot of work to backport security fixes and incorporate customized functional modifications.

Also, Kodi is adopting the uncommon step of providing the Have I Been Pwned data breach reporting service with a list of exposed email addresses linked to forum accounts.

Subscribers of the Have I Been Pwned service will be notified if their email address was among the exposed data once this data has been placed into HIBP. If you don’t subscribe to HIBP, you may still input your email address to view a list of all data breaches that include it.

“The admin team would like to conduct formal penetration testing once the forum and other services are back online,” Kodi said.

Struggling to Apply The Security Patch in Your System? – 

Related Read:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Palo Alto PAN-OS Zero-Day Flaw Allows Attackers to Bypass Web Interface Authentication

Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing...

Enhancing Threat Detection With Improved Metadata & MITRE ATT&CK tags

The cybersecurity landscape continues to evolve rapidly, demanding more sophisticated tools and methodologies to...

Hackers Exploit Ivanti Connect Secure Vulnerability to Inject SPAWNCHIMERA malware

In a concerning development, cybersecurity experts have identified active exploitation of a critical vulnerability...

ZeroLogon Ransomware Exploits Windows AD to Hijack Domain Controller Access

A newly intensified wave of ransomware attacks has surfaced, leveraging the infamous ZeroLogon vulnerability...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Palo Alto PAN-OS Zero-Day Flaw Allows Attackers to Bypass Web Interface Authentication

Palo Alto Networks has disclosed a zero-day vulnerability in its PAN-OS software (CVE-2025-0108), allowing...

Enhancing Threat Detection With Improved Metadata & MITRE ATT&CK tags

The cybersecurity landscape continues to evolve rapidly, demanding more sophisticated tools and methodologies to...

Hackers Exploit Ivanti Connect Secure Vulnerability to Inject SPAWNCHIMERA malware

In a concerning development, cybersecurity experts have identified active exploitation of a critical vulnerability...