This week, Kodi, an open source home theater software developer, announced that it has begun rebuilding its user forum following a data breach that occurred on February 2023. Last week, it was disclosed that a threat actor had advertised a dump of Kodi’s user forum (MyBB) software on underground forums, offering the data of 400,000 users, including those on the now-defunct BreachForums cybercrime website. It was determined that the attackers had compromised the account of an inactive administrator and accessed the web-based MyBB admin console on February 16 and 21, creating database backups and downloading existing nightly full backups.
Kodi has stated that all passwords, as well as user private data, should be considered compromised, including the information shared via the user-to-user messaging system. The admin team was working on performing a global password reset. On Tuesday, Kodi announced that it was working on commissioning a new forum server, an operation that was initially planned before discovering the incident. This requires the extraction and review of all differences between the latest MyBB release and the fork that Kodi maintains, which includes numerous functional changes and backported security fixes.
In order to improve security, Kodi is taking measures to harden access to the MyBB admin console and is revising admin roles, as well as improving audit logging and backup. Furthermore, in order to ensure that all users are aware of the data breach, Kodi has shared the compromised email addresses with the Have I Been Pwned breach disclosure website and will send email notifications to all users once the new forum server is up and running. It is worth noting that the forum had over 400,000 members.
Kodi has additionally announced that the wiki is being moved to another server host. A review of the code files has been completed and it will be redeployed using the latest MediaWiki version. Kodi recognises that the wiki is the go-to Kodi info resource for many users and is aiming to bring it online again as a priority. The paste server will also be moved and restored, although this is less urgent.