Roll20, an online tabletop simulation game platform, discloses a data breach

Popular online tabletop and role-playing game platform Roll20 announced on Wednesday that it had suffered a data breach, exposing the personal information of some users.

In a statement published on its official website, Roll20 said on June 29 that it discovered that a “bad actor” gained access to an account on the company's website for one hour, after which the company “blocked all unauthorized access and hung up.” network breach.”

“A bad actor modified one user account, and we immediately reversed those changes. During this time, the bad actor was able to access and view all user accounts,” the company wrote.

The hacker, according to Roll20, “may have been able to view” users' personal information, including their full name, email address, last known IP address, and the last four digits of their credit card, if the user saved the payment. way to their account. The company added that the hacker did not have access to passwords or full payment information such as home addresses and full credit card numbers.

Roll20 said it is notifying users of the breach. Several users shared screenshots of the email notification on social media. A TechCrunch reporter also received a similar notice.

Roll20 spokesperson Jayme Boucher did not respond to a series of questions from TechCrunch, including how many users in total were affected, how many users had their last four credit card numbers stolen, how the hacker gained access to the administrator account, and whether the company has any information of who the hijackers or hijackers were.

Roll20 claims on its website that it has 12 million users and that it is the “No. 1 for D&D online.”

“We deeply regret that this incident happened on our watches. While we have no evidence of any data being misused, and no passwords or card numbers were exposed, we believe in the importance of being transparent with our users about any potential disclosure of their personal information,” Boucher told TechCrunch in an email. . “We are still investigating and do not have any additional information to share at this time beyond what we shared in our email notification. We made it a priority to be as transparent as possible as soon as possible, which is why we notified users today.”

In 2019, TechCrunch reported that a hacker stole more than 600 million records from 24 websites, including Roll20. The hacker wrote 4 million records from the company during that time.