The favored on-line tabletop and role-playing recreation platform Roll20 introduced on Wednesday that it had suffered a knowledge breach, which uncovered some customers’ private info.
In a publish printed on its official web site, Roll20 mentioned that on June 29 it had detected {that a} “unhealthy actor” gained entry to an account on the corporate’s administrative web site for one hour, after which the corporate “blocked all unauthorized entry and ended the community breach.”
“The unhealthy actor modified one person account, and we promptly reversed these modifications. Throughout this time, the unhealthy actor was capable of entry and look at all person accounts,” the corporate wrote.
The hacker, in line with Roll20, “could have been capable of view” customers’ private info, together with full title, e-mail tackle, last-known IP tackle, and the final 4 digits of their bank card, if the person had saved a cost methodology on their account. The corporate added that the hacker didn’t have entry to passwords or full cost info like dwelling addresses and full bank card numbers.
Roll20 mentioned it’s notifying customers of the breach. A number of customers shared screenshots of the e-mail notification on social media. A TechCrunch reporter additionally obtained the identical notification.
Roll20 spokesperson Jayme Boucher didn’t reply to a collection of questions from TechCrunch, together with what number of customers in complete have been affected, what number of customers had their final 4 digits of their bank card stolen, how the hacker gained entry to the executive account, and whether or not the corporate has any info on who the hacker or hackers have been.
Roll20 says on its web site that it has 12 million customers and that it’s “the No. 1 alternative for D&D on-line.”
“We really remorse that this incident occurred on our watch. Though we now have no proof that any of the information is being misused, and no passwords or card numbers have been uncovered, we imagine within the significance of being clear with our customers about any potential publicity of their private info,” Boucher advised TechCrunch in an e-mail. “We’re nonetheless investigating and don’t have additional particulars to share at the moment past what we shared in our e-mail notification. We prioritized being as clear as potential as shortly as potential, and that’s why we notified customers immediately.”
In 2019, TechCrunch reported {that a} hacker had stolen greater than 600 million information from 24 web sites, together with Roll20. The hacker listed 4 million information from the corporate on the time.