Roll20, the popular online tabletop and role-playing game platform, announced on Wednesday that it had experienced a data breach, resulting in the unauthorized disclosure of certain users’ personal information.
Roll20 revealed on June 29 that it had identified and responded to a “network breach” involving an “unhealthy actor” who accessed its administrative website for approximately one hour before being blocked from further unauthorized access.
“The malicious individual attempted to manipulate a user’s profile, but our swift action ensured the integrity of their online identity was restored.” During this period, the vulnerable actor had access to sensitive information, including all personal accounts, according to the company’s report.
A potential hacker could have accessed customers’ sensitive information, including their full identity, email address, last known IP address, and the final four digits of their bank card number, if they had stored a payment method on their Roll20 account. The corporation clarified that the unauthorized party did not gain access to sensitive information such as passwords or comprehensive data including home addresses and entire credit card numbers.
Roll20 has notified its customers about a security breach. Notifications for Social Media Engagement? A TechCrunch reporter also obtained the same alert.
Roll20 spokesperson Jayme Boucher declined to answer a series of questions from TechCrunch, including the total number of customers impacted, the percentage of customers whose final four bank card digits were compromised, details on how the executive account was breached, and whether the company has any information about the identity or identities of the hacker(s).
Roll20 boasts on its website that it has 12 million customers, claiming to be the number one online virtual tabletop gaming platform for playing tabletop role-playing games like Dungeons & Dragons, Pathfinder, and Starfinder. 1 selection for D&D on-line.”
“We deeply regret that this unfortunate event unfolded under our supervision.” Though we have found no evidence of misuse, nor have we discovered any compromised passwords or card numbers, we believe it’s essential to be transparent with our customers regarding the potential exposure of their personal data, says Boucher in a statement to TechCrunch. “We’re continuing to investigate this matter and currently do not have any further details to provide beyond what was included in the initial email notification.” We acted swiftly to ensure transparency, notifying customers promptly from the outset.
In 2019, TechCrunch reported that hackers had teamed up with Roll20 to breach its user database. The hacker stole approximately 4 million pieces of sensitive information from the corporation at that time.
