Roll20, a popular online tabletop platform for role-playing games (RPGs), revealed on July 3 that its systems had been breached.
It said a “bad actor” gained unauthorized access to the company’s administrative site on June 29 and could view and access all user accounts, exposing Roll20 users’ personally identifiable information (PII).
Names, Email and IP Addresses, and Partial Bank Data Exposed
The data concerned include users’ first and last names, email addresses, the last known IP address and the last four digits of the credit card of users who maintained a stored payment method in their Roll20 account.
The company added that neither the users’ passwords, protected by a salt and a bcrypt hash, nor full payment information were exposed.
“We don’t store that information on our servers, it’s stored with our payment processors,” the firm explained.
“While we have no reason to believe that your personal information has been misused, we are notifying you so that you have the information and tools necessary to help detect and prevent any misuse of your personal information,” it added.
Roll20 told board game news site Dicebreaker that its user base had reached 10 million people in 2022. The platform now claims 12 million users on its website.
A Roll20 spokesperson contacted by the media did not disclose the total number of users affected by the breach.
Roll20 Implemented a Post-Incident Action Plan
In its security advisory, Roll20 said that its security team noticed the compromise at approximately 6.30 pm Pacific Standard Time on June 29.
“The bad actor modified one user account, and we promptly reversed those changes. By 7.30 pm [the same day] we had blocked all unauthorized access and ended the network breach,” the advisory reads.
Roll20 did not share who the hackers were nor how they gained access to the company’s administrative portal.
However, the company confirmed it started implementing an action plan following the incident, which includes:
- Further restricting access to the administrative accounts to prevent unauthorized account access
- Further restricting the data that an administrative user can access
- Adding enhanced security measures as needed to prevent this incident from happening again
Roll20 users can contact the company via https://help.roll20.net with the subject line ‘Incident Data Request.’