The favored on-line tabletop and role-playing recreation platform Roll20 introduced on Wednesday that it had suffered an information breach, which uncovered some customers’ private info.
In a submit revealed on its official web site, Roll20 stated that on June 29 it had detected {that a} “dangerous actor” gained entry to an account on the corporate’s administrative web site for one hour, after which the corporate “blocked all unauthorized entry and ended the community breach.”
“The dangerous actor modified one consumer account, and we promptly reversed these modifications. Throughout this time, the dangerous actor was in a position to entry and think about all consumer accounts,” the corporate wrote.
The hacker, based on Roll20, “might have been in a position to view” customers’ private info, together with full identify, electronic mail deal with, last-known IP deal with, and the final 4 digits of their bank card, if the consumer had saved a cost methodology on their account. The corporate added that the hacker didn’t have entry to passwords or full cost info like residence addresses and full bank card numbers.
Roll20 stated it’s notifying customers of the breach. A number of customers shared screenshots of the e-mail notification on social media. A TechCrunch reporter additionally acquired the identical notification.
Roll20 spokesperson Jayme Boucher didn’t reply to a sequence of questions from TechCrunch, together with what number of customers in complete have been affected, what number of customers had their final 4 digits of their bank card stolen, how the hacker gained entry to the executive account, and whether or not the corporate has any info on who the hacker or hackers have been.
Roll20 says on its web site that it has 12 million customers and that it’s “the No. 1 selection for D&D on-line.”
“We really remorse that this incident occurred on our watch. Though we’ve got no proof that any of the info is being misused, and no passwords or card numbers have been uncovered, we imagine within the significance of being clear with our customers about any potential publicity of their private info,” Boucher instructed TechCrunch in an electronic mail. “We’re nonetheless investigating and don’t have additional particulars to share at the moment past what we shared in our electronic mail notification. We prioritized being as clear as attainable as rapidly as attainable, and that’s why we notified customers immediately.”
In 2019, TechCrunch reported {that a} hacker had stolen greater than 600 million information from 24 web sites, together with Roll20. The hacker listed 4 million information from the corporate on the time.
