Kodi developers warned users about the evil of the forum

Short description

The forum of Kodi, a free and open-source media player software, has suffered a major data breach, along with the project’s wiki site and the Pastebin service. Hackers put the forum’s user base up for sale, and the data taken included private messages, email addresses, and password hashes. The forum server is offline, the wiki site will be moved to another server, and user passwords will be changed. Kodi 20.0 was released in January, offering users features such as live TV watching and management of a media collection. The recovery is expected to take a few days.

Kodi developers warned users about the evil of the forum

The developers of the Kodi open media center reported that the forum forum.kodi.tv, the Pastebin service paste.kodi.tv and the project wiki site kodi.wiki were hacked. Hackers put the forum’s user base up for sale.

The last traces of the attackers’ activity were recorded on February 16 and 21. In the thread of the forum there were data about the login to the interface of one of the inactive administrators. The hackers then created and downloaded a backup copy of the database, as well as nightly full backups. The account owner himself confirmed that he had not taken any actions with the forum these days. The data uploaded by the attackers included a complete archive of all public and private discussions, private messages and user database (names, email addresses and password hashes).

A check of the system environment showed that there was no compromise of the operating system and no actions beyond the administrative interface of the forum.

While the forum server has been taken offline to perform a complete reinstallation of the software used on it.

The Pastebin and Wiki services, which are considered potentially compromised, were organized on the same server.

After the software is restored, it is planned to organize the change of user passwords. They will also be sent individual notices of compromise.

Kodi forum users who have been using the same password on different sites are advised to change it urgently.

Recovery will take several days. The wiki site will be moved to another server and updated to the new release of the MediaWiki engine, as will the Pastebin service.

In January, Kodi 20.0 was released with an interface for watching Live TV and managing a collection of media files, as well as navigating through TV shows, an electronic TV guide, and organizing video recordings by schedule.

Related posts