"Gamers' Data Exposed in RPG Platform Roll20 Breach"

Roll20, a popular online tabletop platform for role-playing games (RPGs), recently revealed that its systems had been breached.  The company said that a threat actor gained unauthorized access to the company’s administrative website on June 29 and could view and access all user accounts, exposing Roll20 users’ personally identifiable information (PII).  The data stolen includes users’ first and last names, email addresses, the last known IP address, and the last four digits of the credit card of users who maintained a stored payment method in their Roll20 account.  The company noted that neither the users’ passwords, protected by a salt and a bcrypt hash, nor payment complete information have been exposed.  Roll20 did not disclose how many users were affected and also did not disclose who was behind the breach.  The company confirmed it started implementing an action plan following the incident. 

 

Infosecurity Magazine reports: "Gamers' Data Exposed in RPG Platform Roll20 Breach"

Submitted by Adam Ekwall on