A data breach at The Kodi Foundation forum has exposed the personal info of over 400,000 users.
The non-profit organization is the developer of the Kodi media center, a free and open-source software entertainment hub and media player.
According to a breach notice published April 8, the Kodi Team learned of unauthorized access after a data dump of its forum user base (MyBB) was offered for sale online.
Kodi’s post also revealed how the criminals used compromised admin credentials to infiltrate their systems and steal user data:
“MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February,” the notice reads. “The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full-backups of the database.”
Stolen data includes all public forum posts, private messages sent through the user-to-user messaging system, usernames, email addresses, and encrypted (hashed and salted) passwords generated by the MyBB (v1.8.27) software.
“At the current time, we have found no evidence of unauthorized access to the underlying server that hosts the MyBB software,” the Kodi team added.
In the aftermath of the breach, the developer has shut down the forum, which was home to over 3 million posts, and is working to perform a global password reset, as it is assumed that “all passwords are compromised” despite being stored in an encrypted format.
“The forum server has been taken offline while this activity completes. This will also impact the Kodi pastebin and wiki sites,” Kodi explained. “There is currently no time estimate for the forum server being online again; our focus is being thorough, not being quick.”
All users are advised to change their passwords on any other platform where they use the same login credentials as their Kodi forum account. Once the forum is back online, all users will receive instructions on how they can reset their password.
Kodi said it is also in the process of sharing a list of all exposed email addresses with Have I Been Pwned to spread awareness.
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.