Kodi confirmed a data breach in the user forum. The development team was made aware of the hack after it was circulated for sale on the darknet.
The Kodi software, (latest version is the Kodi 20), was not affected by the breach.
Initial investigation into the matter revealed that the attacker compromised an account of an inactive forum administrator, and managed to gain access to the administrator console twice. This happened in mid-February 2023.
The administrator account was used to back up the databases, which the attacker then downloaded.
Kodi disabled the account to prevent future access to its systems once it discovered the breach. It also "carried out an initial review of the team's infrastructure accessed by the team member," reported the incident to UK police and notified the UK Information Commissioner's Office.
The backups of the database circulating on the darknet "contain all public forum posts, all group forum posts, all messages sent through thechangeof user-to-user messages, user data, such as forum name, email address that usesfor notifications and an encrypted (hashed and salted) password generated by the MyBB software (v1.8.27)”.
Forum users should assume that their "Kodi forum credentials and any private data shared with other users through the user-to-user messaging system has been compromised."
Although the passwords are encrypted, Kodi considers them compromised and should be changed.
Kodi announced the following measures to address the breach:
- All exposed email data will be shared with Have I Been Pwned, a website that shows whether an email address has been part of a breach.
- Planning to perform a password reset. This will reset all passwords and prevent further breaches or access to personal data. Kodi forum users should also change their passwords on other services if they used the same one.
- The forum has been upgraded to the latest version and will be offline for a few days. Access to the admin console will be further restricted and strengthened.
Passwords will likely be reset once the forum is back online. Users will be notified by email of the reset and will need to set a new password when they first visit the forum.
I had KODI on the COSMOTE VOC and all was well, it upgraded to the latest version
NEXUS 20.5 and the problems started (black screen, wouldn't close) and the uninstall, I did a new installation but when I try to install addons it gives me a message that I don't have an internet connection. I tried to install old version via DOWNLOANDER but it always installed the new version. Thanks for any solution you can suggest.
we don't have technical support, but you will find help in the team https://www.facebook.com/groups/igurugr