Kodi, the provider of open-source media player software, has confirmed a data breach in which the company’s MyBB forum database was stolen, including user data and private messages.
In addition, unidentified threat actors attempted to sell the data dump, containing records of 400,635 Kodi users, on the now-defunct BreachForums cybercrime marketplace.
“The MyBB admin logs indicate that a trusted but currently inactive member of the forum admin team’s account was used to access the web-based MyBB admin console twice: once on February 16 and again on February 21,” stated Kodi in an advisory.
The threat actors then used this account to create database backups, which were subsequently downloaded and deleted. Existing nightly full backups of the database were also downloaded. The account involved has now been deactivated.
The nightly backups included all public forum posts, team forum posts, messages sent via the user-to-user messaging system, and user information such as forum username, notification email address, and an encrypted (hashed and salted) password generated by the MyBB software.
Kodi said there is no evidence to suggest that the threat actors gained unauthorized access to the server hosting the MyBB software. It further emphasized that the legitimate account owner did not perform the malicious actions on the admin console, indicating credential theft.
As a precautionary measure, the maintainers are initiating a global password reset. Users are advised to change their passwords on other sites if they have used the same password.
In the meantime, the company has temporarily disabled the Kodi forum, noting that it is in the process of setting up a new server – a task expected to take “several days”. It also plans to relaunch the forum on the latest version of the MyBB software.
Kodi is also implementing additional security measures, such as strengthening access to the MyBB admin console, revising admin roles to restrict privileges, and enhancing audit logging and backup procedures.