Open source home theater software developer Kodi is working to rebuild its user forum following a significant data breach in February 2023. The incident came to light after a threat actor advertised a database dump of Kodi’s MyBB user forum software on underground forums. The breach compromised the data of approximately 400,000 Kodi users, including forum usernames, email addresses, encrypted passwords, and user-to-user messaging content.
According to Kodi’s official announcement, the attackers compromised the account of a trusted but currently inactive member of the forum admin team and used it to access the web-based MyBB admin console on February 16 and 21, 2023. Through that account, the threat actor created database backups, downloaded them and then deleted them, and also downloaded the existing nightly full backups of the database.
Kodi has emphasized that MyBB stores passwords in an encrypted format, but users must assume that all passwords are compromised. The admin team has taken the forum server offline and is investigating how to perform a global password reset and ensure the integrity of the server host and associated software. Kodi’s pastebin and wiki sites are also affected by the server being taken offline.
To address the situation, Kodi is commissioning a new forum server and has chosen to redeploy the forum on the latest version of MyBB software. The process involves reviewing differences between the latest MyBB release and Kodi’s custom fork, which includes functional changes and backported security fixes. As part of the redeployment, Kodi will restrict and harden access to the MyBB admin console, revise admin roles to reduce privileges, and improve audit logging and backup processes.
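The improved audit logging Kodi mentions is only useful if someone looks for the pattern that played out here: a long-dormant admin account reappearing in the console and running a create, download, delete sequence on database backups. The following is an added illustration, not Kodi's or MyBB's code; the log format, sample lines and last-seen dates are constructed for the example.

```python
from datetime import datetime, timedelta

DORMANCY_THRESHOLD = timedelta(days=90)
BACKUP_ACTIONS = {"backup_create", "backup_download", "backup_delete"}

# Constructed sample log, "timestamp|username|action|detail" (not MyBB's real format).
SAMPLE_LOG = """\
2023-02-15 09:12:00|alice|edit_setting|forum_title
2023-02-16 03:41:10|dormant_admin|login|ok
2023-02-16 03:42:05|dormant_admin|backup_create|backup_20230216.sql.gz
2023-02-16 03:47:30|dormant_admin|backup_download|backup_20230216.sql.gz
2023-02-16 03:48:02|dormant_admin|backup_delete|backup_20230216.sql.gz
2023-02-16 10:05:00|alice|backup_create|nightly.sql.gz
"""

# Constructed: last console activity of each admin before this log window.
LAST_SEEN = {"alice": datetime(2023, 2, 14), "dormant_admin": datetime(2022, 6, 1)}

def parse_log(log_text):
    """Yield (timestamp, user, action, detail) tuples from the pipe-separated log."""
    for line in log_text.splitlines():
        ts, user, action, detail = line.split("|", 3)
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, action, detail

def dormant_backup_actions(log_text, last_seen, threshold=DORMANCY_THRESHOLD):
    """Backup operations by an admin whose previous activity is older than threshold."""
    hits = []
    for ts, user, action, detail in parse_log(log_text):
        idle = ts - last_seen.get(user, ts)  # unknown user -> treated as active
        if action in BACKUP_ACTIONS and idle > threshold:
            hits.append((user, action, detail))
    return hits

def export_and_wipe(log_text, window=timedelta(minutes=30)):
    """Users who create, download and then delete the same backup file within window."""
    first_seen = {}  # (user, file) -> {action: first timestamp}
    for ts, user, action, detail in parse_log(log_text):
        if action in BACKUP_ACTIONS:
            first_seen.setdefault((user, detail), {}).setdefault(action, ts)
    flagged = []
    for (user, fname), steps in first_seen.items():
        if BACKUP_ACTIONS.issubset(steps):
            order = [steps[a] for a in ("backup_create", "backup_download", "backup_delete")]
            if order == sorted(order) and order[-1] - order[0] <= window:
                flagged.append((user, fname))
    return flagged
```

Either signal on its own is worth an alert; both together on the same account, as in the constructed sample, describe exactly the sequence in Kodi's announcement.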
Kodi has notified the UK Information Commissioner’s Office of the breach and filed a report with the UK police. Exposed email addresses have been shared with the breach disclosure website Have I Been Pwned to increase awareness. Kodi is also investigating how to best send a notification and password reset advice email to users once the forum is online again.
In addition to these measures, Kodi aims to conduct formal penetration testing of its infrastructure once the forum and other services are back online. The project is reaching out to professionals and companies offering pentest services, inviting them to donate time and expertise to help audit the infrastructure.
As Kodi continues to rebuild its user forum, the focus is on implementing enhanced security measures and restoring trust in the community. Users are encouraged to remain vigilant and to follow the password reset procedures once the forum is back online.