Security News > 2023 > April > Kodi discloses data breach after forum database for sale online

The Kodi Foundation has disclosed a data breach after hackers stole the organization's MyBB forum database containing user data and private messages and attempted to sell it online.

The now-shut down Kodi forum has roughly 401,000 members who used it to discuss media streaming, exchange tips, offer support, share new add-ons, and more in 3 million posts.

"MyBB admin logs show the account of a trusted but currently inactive member of the forum admin team was used to access the web-based MyBB admin console twice: on 16 February and again on 21 February," explains Kodi in a message to its users.

The stolen database contains all public forum posts, staff forum posts, private messages sent between users, and forum member data, including usernames, email addresses, and encrypted passwords generated by the MyBB software.

"Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised," warns Kodi's announcement.

Kodi is also taking the unusual approach of sharing a list of exposed email addresses associated with forum accounts with the Have I Been Pwned data breach notification service.

News URL

https://www.bleepingcomputer.com/news/security/kodi-discloses-data-breach-after-forum-database-for-sale-online/