Share this article on:
Roll20 sends an alert to its users warning of a breach impacting personal data, IP addresses, and the last four digits of credit cards.
Digital role-playing tool Roll20, popular among players of games such as Dungeons & Dragons and many others, has sent emails to some of its customers warning of a data breach.
The email was sent out today, 3 July, and while the platform does not mention the scope of the breach, it is aware of what data has been compromised.
According to the email, Roll20 discovered a compromised administrative account on 29 June at 6:30pm. An hour later, Roll20 blocked all access to that account and began an investigation into the incident.
“Following our investigation, we learned that the unauthorised third party had access to administrative tools, which may have resulted in the exposure of personal information, such as your: first and last name, email address, last known IP address, and the last four digits of your credit card (solely if you had a stored payment with us),” Roll20 said in its email, which was forwarded on to Cyber Daily by a colleague.
“Notably, the compromised administrative tooling did not expose your password or your full payment information, such as your address or credit card number.
“While we have no reason to believe that your personal information has been misused, we are notifying you out of an abundance of caution,” Roll20 said.
Roll20 added that its users can open a ticket at https://help.roll20.net to view a copy of the specifically compromised data.
Roll20 is a digital, online platform for playing tabletop role-playing games in a virtual tabletop, and it became particularly popular during lengthy COVID-19 quarantines. First launched in 2012, the platform had more than 8 million users globally as of March 2021.
A 2018 data breach on the platform saw the data of 4 million users compromised at the time, with similar data breached.
No threat actor has yet claimed responsibility for the incident.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.