The favored on-line tabletop and role-playing sport platform Roll20 introduced on Wednesday that it had suffered a data breach, which uncovered some customers’ private info.
In a put up revealed on its official web site, Roll20 stated that on June 29 it had detected {that a} “dangerous actor” gained entry to an account on the corporate’s administrative web site for one hour, after which the corporate “blocked all unauthorized entry and ended the community breach.”
“The dangerous actor modified one person account, and we promptly reversed these modifications. Throughout this time, the dangerous actor was in a position to entry and examine all person accounts,” the corporate wrote.
The hacker, in line with Roll20, “could have been in a position to view” customers’ private info, together with full identify, electronic mail handle, last-known IP handle, and the final 4 digits of their bank card, if the person had saved a cost methodology on their account. The corporate added that the hacker didn’t have entry to passwords or full cost info like house addresses and full bank card numbers.
Roll20 stated it’s notifying customers of the breach. A number of customers shared screenshots of the e-mail notification on social media. A information.killnetswitch reporter additionally acquired the identical notification.
Roll20 spokesperson Jayme Boucher didn’t reply to a collection of questions from information.killnetswitch, together with what number of customers in complete had been affected, what number of customers had their final 4 digits of their bank card stolen, how the hacker gained entry to the executive account, and whether or not the corporate has any info on who the hacker or hackers had been.
Roll20 says on its web site that it has 12 million customers and that it’s “the No. 1 selection for D&D on-line.”
“We actually remorse that this incident occurred on our watch. Though we’ve got no proof that any of the info is being misused, and no passwords or card numbers had been uncovered, we consider within the significance of being clear with our customers about any potential publicity of their private info,” Boucher instructed information.killnetswitch in an electronic mail. “We’re nonetheless investigating and don’t have additional particulars to share at the moment past what we shared in our electronic mail notification. We prioritized being as clear as potential as shortly as potential, and that’s why we notified customers at present.”
In 2019, information.killnetswitch reported {that a} hacker had stolen greater than 600 million data from 24 web sites, together with Roll20. The hacker listed 4 million data from the corporate on the time.