Online tabletop role-playing game platform Roll20 discloses data breach

0


Popular online tabletop and role-playing game platform Roll20 announced on Wednesday that its data had been leaked, exposing personal information of some users.

In a post published on its official website, Roll20 said that on June 29 it discovered that a “bad guy” gained account access to the company’s administrative website for an hour, after which the company “blocked all unauthorized access and eliminated the network breach.”

“The bad actor made changes to a user account and we immediately rolled back those changes. During this time, the bad actor accessed and viewed all user accounts,” the company wrote.

According to Roll20, the hacker “could see users’ personal information”, including full name, email address, last known IP address, and the last four digits of their credit card, if the user had a payment method stored in their account. The hacker did not have access to full payment information such as passwords or home addresses and full credit card numbers, the company said.

Roll20 said it was notifying users about the breach. Several users shared screenshots of the email notification on social media. A TechCrunch reporter also received the same notification.

Roll20 spokesperson Jamie Boucher did not respond to a number of questions from TechCrunch, including how many users in total were affected, how many users had the last four digits of their credit cards stolen, how the hacker gained access to the administrative account, and whether the company had any information about who the hacker or hackers were.

Roll20 says on its website that it has 12 million users and is the “No. 1 choice for online D&D.”

“We are truly sorry that this incident occurred under our watch. Although we have no evidence that any data was misused, and no passwords or card numbers were exposed, we still believe in the importance of being transparent with our users about any potential exposure of their personal information,” Boucher told TechCrunch in an email. “We are still investigating and at this time we have no further details to share beyond what we shared in our email notification. We prioritized being as transparent as possible as quickly as possible, and that’s why we notified users today.”

In 2019, TechCrunch reported that a hacker had stolen more than 600 million records from 24 websites, including Roll20. The hacker had cataloged 4 million records of the company at the time.



Source link

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *