Popular online board game and RPG platform Roll20 announced Wednesday that it suffered a data breach that exposed the personal information of some users.
In a post published on its official website, Roll20 said that on June 29, it detected that a “bad actor” gained access to an account on the company’s management website for one hour, after which the company “blocked all unauthorized access and ended the network breach.”
“The bad actor modified a user account and we immediately reversed those modifications. During this time, the bad actor was able to access and view all user accounts,” the company wrote.
The hacker, according to Roll20, “may have been able to see” users’ personal information, including their full name, email address, last known IP address and last four digits of their credit card, if the user had saved a payment method on their account. The company added that the hacker did not have access to passwords or full payment information, such as home addresses and full credit card numbers.
Roll20 said it is notifying users of the breach. Several users shared screenshots of the email notification on social media; a TechCrunch reporter also received the same notification.
Roll20 spokesperson Jayme Boucher did not respond to a series of questions from TechCrunch, including how many users were affected in total, how many users had the last four digits of their credit card stolen, how the hacker gained access to the manager account, and whether the company has information about who the hacker or hackers were.
Roll20 states on its website that it has 12 million users and is “the #1 choice for D&D on the web.”
“We are truly sorry that this incident happened on our watch. While we have no evidence that any of the data is being misused and no passwords or card numbers were exposed, we believe in the importance of being transparent with our users about any potential exposure of their personal information,” Boucher told TechCrunch in an email. “We are still investigating and have no further details to share at this time beyond what we shared in our email notification. We’ve made it a priority to be as transparent as possible, which is why we notified users today.”
In 2019, TechCrunch reported that a hacker had stolen more than 600 million files from 24 websites, including Roll20. The hacker obtained 4 million records from the company at the time.