Kodi, the home media-making software, disclosed last week that it faced a massive data breach in February.
The disclosure comes after a threat actor began selling the data of over 400,000 Kodi users on underground but public forums, including an old cybercrime website that’s no longer used, called BreachForums. After hacking into the account of a prior administrator, the threat actors were able to access the administrator controls of the user forum software, MyBB. According to a release from Kodi, they accessed the admin controls between Feb. 16 through Feb. 21.
Full database backups were created for the website, containing critical user information usernames, email addresses, and an encrypted password generated by the MyBB software. It also included every public forum post, team forum post, and every message sent through the user-to-user messaging system.
“Although MyBB stores passwords in an encrypted format we must assume all passwords are compromised.” Kodi said in a release.
The report goes on to explain that all users must assume that their messaging, username, and password have been compromised — if you use the same credentials on other websites, you should immediately reset/change them on each website.
The Kodi forums are currently offline while they review the best ways to perform a global password reset — meanwhile, they’ve disabled the account used in the breach and conducted a review of the infrastructure they could access. While the website is offline, it also affects the Kodi pastebin and wiki sites.
The company is currently designing another forum and has not seen any evidence of other compromises to their existing system, but they had already been planning to move to new infrastructure. They offered no time estimations, instead telling customers that their focus isn’t on speed, but on security.
“Once the Kodi forum comes back online, we will provide instructions on how to complete a reset of your Kodi forum password,” Kodi said.