Popular online gaming platform Role20 announced on Wednesday that it had suffered a data breach, exposing some users’ personal information.
In a post published on her official websiteRoll20 said it discovered on June 29 that a “bad actor” had access to an account on the company’s administrative site for an hour, after which the company “blocked all unauthorized access and ended the network breach.”
“The bad actor modified one user’s account, and we immediately reversed those modifications. During this time, the bad actor was able to access and view all user accounts,” the company wrote.
According to Roll20, the hacker may have been able to view users’ personal information, including their full name, email address, last known IP address, and the last four digits of their credit card, if the user had a payment method stored on their account. The company added that the hacker did not have access to passwords or full payment information such as home addresses and full credit card numbers.
Roll20 said it is notifying users of the breach. several Users subscriber Screenshots of the email notifications on social media. A TechCrunch reporter also received the same notification.
Roll20 spokesman Jamie Boucher did not respond to a series of questions from TechCrunch, including how many users were affected, how many had the last four digits of their credit card stolen, how the hacker gained access to the admin account, and whether the company has any information on the identity of the hacker or hackers.
Roll20 says on its website that it has 12 million users and is the “#1 choice for online D&D.”
“We are truly sorry that this incident occurred while we were on the lookout for it. While we have no evidence that any data was misused, and no passwords or card numbers were exposed, we believe in being transparent with our users about any potential exposure of their personal information,” Boucher told TechCrunch in an email. “We are still investigating and do not have any further details to share at this time beyond what we shared in our email notification. We have prioritized being as transparent as possible as quickly as possible, which is why we are notifying users today.”
In 2019, TechCrunch reported that a hacker stole more than 600 million records from 24 sites, including Roll20. The hacker listed 4 million records from the company at the time.