Roll20 platform for tabletop games reports data breach
Learn More
Roll20, a widely-used platform for online tabletop and role-playing games, reports a data breach that exposed some user personal information.
The breach occurred on June 29, when a hacker gained access to an account on Roll20's administrative website for one hour before the company blocked the unauthorized access.
During the breach, the hacker modified one user account, but Roll20 quickly reversed these changes. The hacker may have been able to view the personal information of all users, including:
- Full name
- Email address
- Last-known IP address
- Last four digits of credit cards (if stored in the user's account)
Roll20 claims that passwords, full payment information, home addresses, and complete credit card numbers were not accessed.
Roll20 has not disclosed the total number of affected users, how the hacker gained access to the administrative account, or any information about the identity of the hacker. They state that there is no evidence that any personal data has been misused.
Roll20 has notified users of the breach vie email and has advised users to implement two-factor authentication (2FA) for enhanced security.
