Kodi, a provider of open source media player software, has acknowledged a security breach in which hackers accessed their MyBB forum database containing private messages and user data. Additionally, the attackers tried to sell the data dump containing 400,635 user records on a defunct cybercrime marketplace called BreachForums.
Kodi’s investigation revealed that the breach occurred when a trusted but inactive member of the forum admin team’s account was used to access the MyBB admin console twice on 16th and 21st February, as per their advisory.
Kodi, an open-source media player software provider, confirmed a data breach where hackers stole the company’s MyBB forum database. The database contained user data and private messages, which were then sold on the now-defunct BreachForums cybercrime marketplace.
The hackers gained access to the web-based MyBB admin console twice in February by using the account of a trusted but inactive member of the admin team. The account was used to create database backups, including nightly full backups, which contained all public and team forum posts, user-to-user messages, and user information.
However, there is no evidence that the hackers accessed the underlying server. Kodi advised that work is underway to initiate a global password reset, and users are recommended to change their passwords on other sites if the same password has been used.
For the time being, the Kodi forum has been removed and the company is creating a new server, which is expected to take a few days. They plan to restore the forum using the latest version of MyBB software. Kodi is also taking additional security measures such as tightening access to the MyBB admin console, limiting admin privileges, and enhancing audit logging and backup processes.