The favored on-line tabletop and role-playing sport platform Roll20 introduced on Wednesday that it had suffered an information breach, which uncovered some customers’ private info.
In a publish revealed on its official web site, Roll20 mentioned that on June 29 it had detected {that a} “unhealthy actor” gained entry to an account on the corporate’s administrative web site for one hour, after which the corporate “blocked all unauthorized entry and ended the community breach.”
“The unhealthy actor modified one consumer account, and we promptly reversed these modifications. Throughout this time, the unhealthy actor was in a position to entry and think about all consumer accounts,” the corporate wrote.
The hacker, based on Roll20, “might have been in a position to view” customers’ private info, together with full title, e-mail tackle, last-known IP tackle, and the final 4 digits of their bank card, if the consumer had saved a cost methodology on their account. The corporate added that the hacker didn’t have entry to passwords or full cost info like house addresses and full bank card numbers.
Roll20 mentioned it’s notifying customers of the breach. A number of customers shared screenshots of the e-mail notification on social media. A TechCrunch reporter additionally acquired the identical notification.
Roll20 spokesperson Jayme Boucher didn’t reply to a collection of questions from TechCrunch, together with what number of customers in complete have been affected, what number of customers had their final 4 digits of their bank card stolen, how the hacker gained entry to the executive account, and whether or not the corporate has any info on who the hacker or hackers have been.
Roll20 says on its web site that it has 12 million customers and that it’s “the No. 1 selection for D&D on-line.”
“We actually remorse that this incident occurred on our watch. Though we’ve no proof that any of the information is being misused, and no passwords or card numbers have been uncovered, we imagine within the significance of being clear with our customers about any potential publicity of their private info,” Boucher advised TechCrunch in an e-mail. “We’re nonetheless investigating and don’t have additional particulars to share right now past what we shared in our e-mail notification. We prioritized being as clear as potential as shortly as potential, and that’s why we notified customers right now.”
In 2019, TechCrunch reported {that a} hacker had stolen greater than 600 million information from 24 web sites, together with Roll20. The hacker listed 4 million information from the corporate on the time.
