Kodi forum breach exposes user data

A breach of the Kodi user forum has exposed the personal data of over 400,000 users. The web-based MyBB admin console was accessed -- on February 16 and February 21 2023 -- and the team says it first became aware of this when a dump of the forum's database was found for sale on an internet forum.

The database dump contains a wide range of user data, including names, email addresses, IP addresses, and passwords. The data was accessed using the account of a trusted but currently inactive member of the forum admin team.

SEE ALSO: Kodi 20.1 'Nexus' is finally here -- Download it NOW!

The Kodi Foundation, the non-profit organization that develops Kodi, has disabled the account used in the breach and conducted an initial review of team infrastructure.

Although passwords on the forum were stored in an encrypted format, the team says it is assuming that all passwords are now compromised.

Reporting the breach, the company says:

• The admin team are investigating how best to perform a global password reset and how best to assure the integrity of the server host and associated software. The forum server has been taken offline while this activity completes. This will also impact the Kodi pastebin and wiki sites. There is currently no time estimate for the forum server being online again; our focus is being thorough, not being quick.
• Users must assume their Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised. If you have used the same username and password on any other site, you should follow the password reset/change procedure for that site. Once the Kodi forum comes back online we will provide instructions on how to complete a reset of your Kodi forum password.

Image Credit: Wayne Williams