Kodi, a free-to-use media player, organizer, and streaming suite, has suffered a data breach last week. Hackers have broken into the organization’s MyBB forum database, stealing user data and private messages. They have since attempted to sell it online.
After the Kodi team saw its data advertised online, it shut the forum down. Later, it confirmed that somebody had used an account belonging to a former admin team member to carry out the attack.
What did the attackers steal?
The organization said the account had accessed the forum twice in the past seven days, downloading nightly full-backups. It managed to steal:
- All public forum posts
- Team forum posts
- All user-to-user messages
- Email addresses
- An encrypted password generated by MyBB
However, the software maker also said that all users should assume the hackers have compromised their passwords. When disclosing the attack, the admin team said it’s working on a global password reset.
Kodi will now carry out a forum move to the latest version of MyBB. Users will be unable to access it until the task is done.
The organization also said it’ll harden access to the admin console and revise roles to ensure only those with authorization can access it. In addition, it’ll improve audit logging and backup processes.
Since Kodi had its original forum server in the UK, the organization has filed a report with the country’s police. It’s also sharing its data with haveibeenpwned to help increase awareness and prevent similar breaches from happening in the future.
Being a free-to-use program, Kodi doesn’t necessarily offer as much security as some paid platforms do. When using it to stream media, you may also consider getting one of the best VPNs for Kodi to ensure privacy.