Provider of open source media player software Kodi has confirmed a data breach after a threat actor stole the company’s MyBB forum database containing user data and private messages.
“MyBB admin logs show a trusted but currently inactive forum admin team member account used to access the web-based MyBB admin console twice: on 16th February and again on 21st February,” Kodi said in an advisory.
Threat actors then abuse these accounts to create database backups which are then downloaded and deleted. Also downloaded is a full nightly database backup. The account in question has now been deactivated.
Overnight backups contain all public forum posts, team forum posts, messages sent via user-to-user messaging systems, and user information such as forum usernames, email addresses used for notifications, and generated encrypted (hashed and salted) passwords by MyBB software.
Kodi said there was no evidence the threat actor managed to gain unauthorized access to the underlying server hosting the MyBB software. It is further stressed that the legitimate account owner has not committed any malicious actions in the admin console, indicating theft of credentials.
Out of an abundance of caution, maintainers say work is underway to initiate a global password reset. Users are advised to change their password on other sites if the same password has been used.
For a while, the company has taken over kodi forums and noted that it was in the process of commissioning a new server, expected activity to last “a few days”. It also plans to reuse forums on the latest version of MyBB software.
As an added security measure, Kodi strengthened access to the MyBB admin console, revised admin roles to limit privileges, and improved audit logging and backup processes.