Roll20, an online tabletop and role-playing game platform, made a concerning announcement on Wednesday regarding a data breach. According to the company, a “bad actor” gained unauthorized access to an administrative account on June 29. Although the breach only lasted for an hour, during that time, the hacker was able to view all user accounts on the platform.
The personal information that may have been exposed includes users’ full names, email addresses, last-known IP addresses, and the last four digits of their credit card numbers, provided they had stored a payment method on their account. However, it’s important to note that passwords and full payment information such as home addresses and full credit card numbers were not accessible to the hacker.
Roll20 has taken immediate action to address the breach and is in the process of notifying affected users. Screenshots of the email notification have been circulating on social media, confirming the authenticity of the breach. A TechCrunch reporter also received the same notification, further substantiating the incident.
The company has not provided specific details about the extent of the breach or how many users were affected. TechCrunch reached out to Roll20 for more information but did not receive a response from their spokesperson, Jayme Boucher. Questions regarding the number of affected users, the number of users whose credit card information was compromised, how the hacker gained access to the administrative account, and any information about the hacker’s identity remain unanswered.
Roll20 acknowledges the severity of the incident and expresses regret that it occurred. While there is currently no evidence of data misuse and no passwords or full payment information were exposed, Roll20 believes in being transparent with its users about any potential exposure of their personal information. The company is actively investigating the breach and aims to provide further details as soon as possible.
It is worth noting that this is not the first time Roll20 has faced a data breach. In 2019, TechCrunch reported that a hacker had stolen over 600 million records from various websites, including Roll20. At that time, the hacker had listed 4 million records from the company. This previous breach raises concerns about the platform’s security measures and highlights the need for robust cybersecurity protocols.
As Roll20 continues its investigation into the recent breach, users are advised to remain vigilant and take necessary precautions to protect their personal information. This includes monitoring their accounts for any suspicious activity and updating passwords regularly.
The incident serves as a reminder of the importance of cybersecurity for online platforms and the need for companies to prioritize data protection. Users should be able to trust that their personal information is safeguarded when utilizing online services, especially those that involve financial transactions. It is crucial for companies like Roll20 to continuously enhance their security measures to prevent future breaches and maintain user confidence.
In conclusion, the recent data breach at Roll20 has raised concerns about user privacy and data security on the platform. While the extent of the breach and the number of affected users remain unclear, Roll20 has taken immediate action to address the issue and notify users. This incident emphasizes the significance of transparency, accountability, and robust cybersecurity measures for online platforms. Users are advised to remain vigilant and take necessary precautions to protect their personal information.