Open-source media player Kodi suffered a data breach that compromised the personal information of its MyBB forum users.
Kodi said in an announcement this week that it identified a data dump containing the personal information of the Kodi MyBB forum users being put up for sale on dark web forums.
After conducting an investigation, the company was able to confirm that the account of a former administrator of its MyBB forum was used to illegally access the MyBB database twice: on 16 February and again on 21 February.
“The account was used to create database backups which were then downloaded and deleted. It also downloaded existing nightly full backups of the database. The account owner has confirmed they did not access the admin console to perform these actions.
“The admin team have disabled the account used in the breach and have conducted an initial review of team infrastructure the team member had access to,” Kodi said.
“The nightly full backups that were downloaded expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software,” the company added.
Kodi believes that all MyBB passwords have been compromised as a result of the security incident, even though they were encrypted. The company is now working to “perform a global password reset and how best to assure the integrity of the server host and associated software.” As of now, the forum server has been taken offline with no estimated date for bringing it back online.
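Why Kodi treats "hashed and salted" passwords as compromised once the database is gone is worth seeing concretely. The following is an added example, not code from Kodi or the MyBB project; it assumes (my reading of the open-source MyBB 1.8 code, stated as an assumption) that MyBB stores `md5(md5(salt) + md5(password))` with a short random salt, and it contrasts the per-guess cost of that construction with a deliberately slow password KDF (scrypt), which is the kind of change a redeployment on a new server is the moment to make.

```python
"""Compare the per-guess cost of a fast salted hash with a slow KDF.

Added example, not Kodi's or MyBB's code. The MyBB-style scheme below is an
assumption about MyBB 1.8 (md5(md5(salt) + md5(password))). Both salt and hash
sit in the stolen table, so the salt only stops precomputed tables; it does not
make offline guessing slower. That is why a leaked table of fast hashes is
treated as fully compromised and every password is reset.
"""
import hashlib
import secrets
import string
import time

SALT_ALPHABET = string.ascii_letters + string.digits


def make_salt(length: int = 8) -> str:
    """Short random salt, similar in shape to the one MyBB stores (assumed)."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def mybb_style_hash(password: str, salt: str) -> str:
    """Fast salted hash in the assumed MyBB 1.8 shape: md5(md5(salt) + md5(pw))."""
    inner_salt = hashlib.md5(salt.encode()).hexdigest()
    inner_pw = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner_salt + inner_pw).encode()).hexdigest()


def verify_fast(password: str, salt: str, stored: str) -> bool:
    return secrets.compare_digest(mybb_style_hash(password, salt), stored)


def slow_hash(password: str, salt: bytes) -> bytes:
    """Memory-hard KDF; each guess costs ~16 MiB of memory and tens of ms of CPU."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def verify_slow(password: str, salt: bytes, stored: bytes) -> bool:
    return secrets.compare_digest(slow_hash(password, salt), stored)


def seconds_per_guess(fn, args, iterations: int) -> float:
    """Average wall-clock cost of one verification on this machine."""
    start = time.perf_counter()
    for _ in range(iterations):
        fn(*args)
    return (time.perf_counter() - start) / iterations


def years_to_exhaust(keyspace: int, sec_per_guess: float) -> float:
    """Single-core estimate of the time to try every candidate in `keyspace`."""
    return keyspace * sec_per_guess / (365 * 24 * 3600)


def compare_schemes(password: str = "correct horse") -> dict:
    """Return the measured per-guess cost of each scheme and a keyspace estimate."""
    fast_salt = make_salt()
    fast_stored = mybb_style_hash(password, fast_salt)
    slow_salt = secrets.token_bytes(16)
    slow_stored = slow_hash(password, slow_salt)

    fast_cost = seconds_per_guess(verify_fast, (password, fast_salt, fast_stored), 20000)
    slow_cost = seconds_per_guess(verify_slow, (password, slow_salt, slow_stored), 3)

    # Constructed reference keyspace: all 8-character lowercase strings.
    keyspace = 26 ** 8
    return {
        "fast_seconds_per_guess": fast_cost,
        "slow_seconds_per_guess": slow_cost,
        "slowdown_factor": slow_cost / fast_cost,
        "fast_years_single_core": years_to_exhaust(keyspace, fast_cost),
        "slow_years_single_core": years_to_exhaust(keyspace, slow_cost),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key:>26}: {value:.3g}")
```

The slowdown factor printed on a typical machine is in the tens of thousands, and a real attacker uses GPUs, where the gap for MD5 is far wider; the point for a defender is that salting alone changes nothing about that ratio, so the correct response to a stolen table of fast hashes is exactly what Kodi chose: a global reset, and a stronger hashing scheme on the rebuilt forum.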
In a separate update, Kodi said that it is in the process of commissioning a new forum server and redeploying the forum on the latest version of MyBB software. The migration will take days, and until the work is completed Kodi has decided to keep the MyBB forum offline.
The company says it did not find any evidence of unauthorised access to the current server that hosts the MyBB software. Since the server was hosted in the UK, it notified the UK Information Commissioner’s Office as well as law enforcement agencies about the data breach.
Kodi is also sharing the compromised email address data with the breach disclosure website haveibeenpwned so that MyBB forum users can enter their email addresses on the website to check if they were compromised.