The online tabletop and role-playing game platform Roll20 recently announced that it experienced a data breach, resulting in the exposure of some users’ personal information. The breach was detected on June 29th when a “bad actor” gained access to an account on Roll20’s administrative website for one hour. Roll20 took immediate action by blocking all unauthorized access and closing the network breach.
During the breach, the hacker modified one user account, which was quickly reversed by Roll20. Unfortunately, the bad actor was able to access and view all user accounts on the platform. This means that users’ personal information such as full name, email address, last-known IP address, and the last four digits of their credit card may have been compromised if they had stored payment information on their account. However, Roll20 clarified that passwords and full payment details like home addresses and complete credit card numbers were not accessed by the hacker.
Roll20 is currently in the process of notifying users about the breach, with many users sharing screenshots of the email notification on social media platforms. Despite the breach, Roll20 reassured its users that there is no evidence of data misuse and that they are committed to transparency regarding any potential exposure of personal information. The company emphasized the importance of keeping users informed and stated that they are still investigating the incident to gather more details.
In response to inquiries from TechCrunch, Roll20 spokesperson Jayme Boucher did not provide specific details such as the total number of affected users, the extent of credit card information stolen, how the hacker accessed the administrative account, or any information on the identity of the hacker(s). This lack of information has raised concerns among users about the security measures in place on the platform.
It is worth noting that this is not the first time Roll20 has faced a data breach. In 2019, a hacker stole over 600 million records from 24 websites, including Roll20, with 4 million records from the platform being listed at that time. This previous breach highlights the ongoing challenges faced by online platforms in safeguarding user data and protecting against cyber threats.
As Roll20 continues to investigate the recent data breach and work towards enhancing its security protocols, users are advised to remain vigilant and monitor their accounts for any suspicious activity. It is crucial for online platforms like Roll20 to prioritize cybersecurity measures and ensure the privacy and safety of their users’ information in the digital age.
