Open media center Kodi is warning its users about a recent forum hacking, affecting its site, as well as Pastebin and Wiki-site Project. The developers learned about the breach after the sale of the Kodi forum users. An audit confirmed that the project infrastructure was compromised, with the last traces of the attackers recorded on February 16 and 21. The attackers gained access to the web-interface, creating and uploading a backup of the database and available nightly BD backups. The stolen data consisted of the full archive of all public and closed discussions, private messages and users’ base, including user names, email, and hashed passwords.
While no traces of compromising the operating system and the performing actions were revealed, Kodi has disconnected its forum server from the network and is initiating a process of reinstalling the software. The Pastebin and Wiki services were organized on the same server and are believed to be potentially compromised. After the restoration of PR is completed, Kodi plans to change user passwords and send individual notifications of the compromise. It is recommended that users who used the same password on other sites urgently change their passwords.
As Kodi stored a branch using the past version of mybb (1.8.27), synchronizing with the current version (1.8.33) will take some time, causing a delay in the recovery of the site, expected to take several days. Also, the Wiki site will be transferred to another server and updated with the fresh release of the Mediawiki engine.
Sources: