Popular online role-playing and tabletop gaming platform Roll20 announced on Wednesday that it had suffered a data breach, which exposed the personal information of some users.
In a post published on their official websiteRoll20 said it detected on June 29 that a “bad actor” gained access to an account on the company’s administrative website for an hour, after which the company “blocked all unauthorized access and terminated the network breach.”
“The malicious actor modified a user account and we quickly reverted those modifications. During this time, the malicious actor was able to access and view all user accounts,” the company wrote.
According to Roll20, the hacker “could have seen” users’ personal information, including full name, email address, last known IP address, and the last four digits of their credit card, if the user had stored a payment method in their account. The company added that the hacker did not have access to passwords or full payment information, such as home addresses and full credit card numbers.
Roll20 said it is notifying users about the breach. x.com/kabrutusrambo/status/1808452674733703273″>Several x.com/GaryCon/status/1808498853047652370″>users shared Screenshots of the email notification on social media. A TechCrunch reporter also received the same notification.
Roll20 spokesperson Jayme Boucher did not respond to a series of questions from TechCrunch, including how many users in total were affected, how many users lost the last four digits of their credit card, how the hacker gained access to the administrative account, and whether the company has any information about who the hacker or hackers were.
Roll20 says on its website that it has 12 million users and is “the number one choice for online D&D.”
“We sincerely regret that this incident occurred under our watch. While we have no evidence of data being misused and no passwords or card numbers were exposed, we believe in the importance of being transparent with our users about any potential exposure of their personal information,” Boucher told TechCrunch in an email. “We are continuing to investigate and have no further details to share at this time beyond what we shared in our email notification. We prioritize being as transparent as possible as quickly as possible, which is why we are notifying users today.”
In 2019, TechCrunch reported that a hacker had stolen more than 600 million records from 24 websites, including Roll20. The hacker had listed 4 million records from the company at the time.
