Kodi rebuilds forum server following breach affecting 400K users

Data transfer by optical fibre on core network switch tagging with word DATA BREACH. selective focus shot

Open source media software developer Kodi said it is commissioning a new forum server in response to a data breach of its user forum (MyBB) software that was confirmed earlier last week.  

The breach was first disclosed on Apr. 8, after a team at Kodi noticed a cache of MyBB user data has been advertised for sale on internet forums. The incident has exposed information of 400,635 Kodi users, according to the data breach disclosure website haveibeenpwned.   

All public forum posts, user-to-user messages, user data, forum username, the email address used for notification, and an encrypted password generated by the MyBB (v1.8.27) software, have been compromised, Kodi said in an Apr. 8 statement.  

The database was obtained by attackers compromising a trusted but inactive forum member account and accessing the web-based MyBB admin console on Feb. 16 and Feb.21. 

“The account was used to create database backups which were then downloaded and deleted. It also downloaded existing night full-backups of the database,” said the company, adding that the account has now been disabled. 

“At the current time, we have found no evidence of unauthorized access to the underlying server that hosts the MyBB software.”  

While Kodi claimed that the existing system remains safe, in an Apr. 11 update, the team said it has started rebuilding a new forum server on the latest version of MyBB software.  

The redeployment is “not a simple task” which requires “several days more work,” Kodi said. The forum will remain offline until it is completed.  

“[redeployment] requires us to extract and review all differences between the latest MyBB release and the fork we maintain, which includes numerous functional changes and backported security fixes,” the Apr. 11 update noted.  

“As part of the redeployment, we will restrict and harden access to the MyBB admin console, revise admin roles to reduce privileges wherever possible, and improve audit logging and backup processes.”  

The team is still looking for the best way to perform a global password reset and promises to provide users with instructions once the forum comes back. Users who have applied the same usernames and passwords on other sites should immediately reset the information.  

The company will also continue sharing exposed email address data with haveibeenpwned to raise awareness.  

The current forum server was hosted in the UK. Kodi said it has notified the UK Information Commissioner’s Office of the breach and filed a report to the UK police. 

Menghan Xiao

Menghan Xiao is a cybersecurity reporter at SC Media, covering software supply chain security, workforce/business, and threat intelligence. Before SC Media, Xiao studied journalism at Northwestern University, where she received a merit-based scholarship from Medill and Jack Modzelewski Scholarship Fund.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.