
Kodi, an open source media player software provider, has confirmed a data breach after attackers stole the company’s MyBB forum database containing user data and private messages.
Additionally, unknown actors attempted to sell a data dump containing 400,635 Kodi users on the now-defunct BreachForums cybercrime marketplace.
“MyBB admin logs show that the account of a trusted but currently inactive member of the forum administration team was used to access the web-based MyBB admin console twice: on February 16th and February 21st,” Kodi said.
The attackers then abused the account to create database backups, download them, and delete them. They also downloaded an existing nightly full backup of the database. The account in question is currently disabled.
The nightly backup includes all public forum posts, team forum posts, and messages sent through the user-to-user messaging system, as well as user information such as forum usernames, email addresses used for notifications, and encrypted (hashed and salted) passwords generated by the MyBB software.
Kodi says it has no evidence that the attackers gained unauthorized access to the underlying servers hosting the MyBB software. Additionally, it highlights that the legitimate account holder did not perform any malicious actions in the management console, suggesting credential theft.
As a precaution, the maintainers said work was underway to initiate a global password reset. Recommended.
In the meantime, the company has taken down the Kodi forums, noting that it is in the process of commissioning a new server, an activity that is expected to last “several days”. It also plans to redeploy the forums with the latest version of the MyBB software.
As an additional security measure, Kodi is tightening access to the MyBB admin console, revising administrator roles to limit privileges, and improving audit logs and backup processes.
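The two signals in Kodi's account of the incident, a long-inactive admin account logging in and a backup being created, downloaded and deleted in quick succession, can be checked for in admin audit logs. The following is an added example, not code from Kodi or MyBB; the record layout, action names and both thresholds are assumptions, and the sample entries are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit records in a hypothetical layout (not MyBB's schema):
# (ISO timestamp, admin account, action)
SAMPLE_LOG = [
    ("2024-01-03T10:12:00", "admin_a", "login"),
    ("2024-06-01T08:00:00", "admin_b", "login"),
    ("2024-06-02T09:30:00", "admin_b", "backup_create"),
    ("2024-06-10T02:41:00", "admin_a", "login"),
    ("2024-06-10T02:44:00", "admin_a", "backup_create"),
    ("2024-06-10T02:49:00", "admin_a", "backup_download"),
    ("2024-06-10T02:50:00", "admin_a", "backup_delete"),
]

DORMANT_AFTER = timedelta(days=90)   # assumed dormancy threshold
CHAIN = ("backup_create", "backup_download", "backup_delete")
CHAIN_WINDOW = timedelta(hours=1)    # assumed maximum duration of the chain


def find_alerts(records, dormant_after=DORMANT_AFTER, window=CHAIN_WINDOW):
    """Return (timestamp, account, reason) alerts in time order."""
    alerts = []
    last_seen = {}  # account -> time of its previous logged activity
    progress = {}   # account -> (next expected CHAIN index, chain start time)
    for ts_text, account, action in sorted(records):
        ts = datetime.fromisoformat(ts_text)
        # Signal 1: a login after a long gap in the account's activity.
        prev = last_seen.get(account)
        if action == "login" and prev is not None and ts - prev > dormant_after:
            alerts.append((ts_text, account, "dormant_admin_login"))
        last_seen[account] = ts
        # Signal 2: create -> download -> delete by one account within the window.
        step, started = progress.get(account, (0, ts))
        if step and ts - started > window:
            step, started = 0, ts  # a partial chain that went stale is dropped
        if action == CHAIN[step]:
            if step == 0:
                started = ts
            step += 1
            if step == len(CHAIN):
                alerts.append((ts_text, account, "backup_exfil_chain"))
                step = 0
        progress[account] = (step, started)
    return alerts
```

An account with no earlier activity in the log has no baseline, so its first login is not flagged as dormant; the log fed to the check needs to reach back further than the dormancy threshold.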