The Kodi Basis has disclosed a data breach after hackers stole the group’s MyBB discussion board database containing consumer knowledge and personal messages and tried to promote it on-line.
Kodi is a cross-platform open-source media participant, organizer, and streaming suite, that helps an enormous array of third-party add-ons enabling the customers to entry content material from numerous sources or customise their expertise.
The now-shut down Kodi discussion board has roughly 401,000 members who used it to debate media streaming, alternate suggestions, provide assist, share new add-ons, and extra in 3 million posts.
In accordance with an announcement printed by the platform on Saturday, hackers stole the discussion board database by logging into the Admin console utilizing an inactive employees member’s credentials.
As soon as they gained entry to the admin panel, they created and downloaded database backups a number of occasions in 2023.
“MyBB admin logs present the account of a trusted however at the moment inactive member of the discussion board admin crew was used to entry the web-based MyBB admin console twice: on 16 February and once more on 21 February,” explains Kodi in a message to its customers.
“The account was used to create database backups which have been then downloaded and deleted. It additionally downloaded current nightly full-backups of the database.”
The Kodi crew confirmed that the precise account proprietor didn’t carry out these actions on the admin console, indicating that the employees member’s credentials have been doubtless stolen.
The stolen database accommodates all public discussion board posts, employees discussion board posts, non-public messages despatched between customers, and discussion board member knowledge, together with usernames, e-mail addresses, and encrypted (hashed and salted) passwords generated by the MyBB (v1.8.27) software program.
Whereas the passwords have been hashed and salted, Kodi warns that every one passwords ought to now be thought-about compromised. The admin crew is planning a world password reset that can inevitably impression service availability.
“Customers should assume their Kodi discussion board credentials and any non-public knowledge shared with different customers by way of the user-to-user messaging system is compromised,” warns Kodi’s announcement.
“If in case you have used the identical username and password on another web site, you need to comply with the password reset/change process for that web site.”
In an replace printed earlier immediately, Kodi’s directors knowledgeable the group that they’re commissioning a brand new discussion board server regardless of seeing no proof or indicators of compromise on the present programs.
The discussion board will likely be redeployed utilizing the newest accessible MyBB model. This comes with a heavy workload required to include customized practical adjustments and backport security fixes, so a delay of “a number of days” is to be anticipated.
Kodi can be taking the weird method of sharing a listing of uncovered e-mail addresses related to discussion board accounts with the Have I Been Pwned data breach notification service.
As soon as this knowledge is loaded in Have I Been Pwned, subscribers of the HIBP service will obtain a notification if their e-mail handle was a part of the uncovered knowledge.
In case you are not an HIBP subscriber, you can too enter your e-mail handle on the positioning to see a listing of all data breaches that include your e-mail handle.
Lastly, the Kodi crew plans to run penetration assessments as soon as every thing is up and operating once more. They’re calling skilled auditors who might volunteer to donate a while and experience to assist them with this cybersecurity challenge.
Kodi knowledge marketed on a hacking discussion board
The Kodi Group says they disclosed the breach after studying that hackers have been promoting the stolen database on-line.
BleepingComputer has since discovered from cyberintelligence firm KELA that the ‘Kodi Group Discussion board’ database was being bought in February on the now defunct Breached hacking discussion board.
Supply: BleepingComputer
The vendor, Amius, claimed they have been promoting a database dumped on February fifteenth, 2023, containing the knowledge for 400,314 Kodi discussion board members, together with the knowledge for “many iptv resellers.”
The vendor was accepting provides privately by way of Telegram, so there isn’t any info on the price of the database.
Breached was a preferred hacking and knowledge leak discussion board identified for internet hosting, leaking, and promoting knowledge obtained from breached corporations, governments, and numerous organizations.
The Breached web site shut down after its founder and proprietor, Pompompurin, was arrested by the FBI.
Whereas one other admin generally known as Baphomet tried to maintain the positioning operational, they later shut it down out of worry that legislation enforcement had entry to the servers.
Replace 4/12/23: Added information about the place database was being bought
