Security News > 2023 > April > Kodi forum breach: User data, encrypted passwords grabbed

Kodi forum breach: User data, encrypted passwords grabbed
2023-04-12 10:18

The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum.

Instead, an unknown attacker used the account of a legitimate but inactive member of the forum admin team to access the MyBB admin console on two occasions: February 16 and 21, 2023.

"The nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted password generated by the MyBB software," Team Kodi further explained.

"Although MyBB stores passwords in an encrypted format we must assume all passwords are compromised," the team said, and they are keeping the forum offline until they find a way to reset all passwords.

Even though no compromise of the underlying system has been detected, the Kodi team is standing up a new forum server - just to be on the safe side.

In the meantime, users can peruse a March snapshot of the Wiki and a read-only April copy of the forum.


News URL

https://www.helpnetsecurity.com/2023/04/12/kodi-forum-breach/