Roll20 Data Breach Exposes User Information
The popular online tabletop and role-playing game platform Roll20 recently disclosed a data breach that resulted in the exposure of some users’ personal information.
According to Roll20’s official website, the breach occurred when a “bad actor” gained unauthorized access to an administrative account on June 29. The breach was detected within an hour, and access was promptly blocked to prevent further intrusion.
The hacker managed to modify one user account and view all user accounts during the breach. While users’ personal information such as full names, email addresses, last-known IP addresses, and the last four digits of credit cards may have been accessed, Roll20 assured that passwords and full payment information like home addresses and complete credit card numbers were not exposed.
Roll20 is currently notifying affected users about the breach, with many users sharing screenshots of the email notification on social media platforms. However, Roll20 spokesperson Jayme Boucher declined to provide specific details about the breach, including the total number of affected users, how the hacker gained access, or their identity.
As a platform with 12 million users and a reputation as the top choice for D&D online, Roll20 expressed regret over the incident but emphasized their commitment to transparency in addressing the situation. Despite no evidence of misuse of the stolen data, the company believes in informing users about any potential exposure of their personal information.
Roll20’s recent data breach is not the first time the platform has faced security issues. In 2019, a hacker reportedly stole over 600 million records from various websites, including Roll20, further highlighting the importance of safeguarding user information in the digital age.