Fashionable on-line tabletop and role-playing sport platform Roll20 introduced on Wednesday that it had suffered a knowledge breach that uncovered the private data of some customers.
In a message revealed on the official web siteRoll20 mentioned it found on June 29 that an “attacker” had gained entry to an account on the corporate’s administrative web site for one hour, after which the corporate “blocked all unauthorized entry makes an attempt and stopped the community breach.”
“The attacker modified one consumer account, and we rapidly reverted these adjustments. At the moment, the attacker was in a position to entry and consider all consumer accounts,” the corporate wrote.
The hacker, based on Roll20, “was in a position to view” customers’ private data, together with their full identify, e mail handle, final recognized IP handle, and the final 4 digits of their bank card if the consumer had saved a fee technique to their account. The corporate added that the hacker didn’t have entry to passwords or full fee data, reminiscent of house addresses and full bank card numbers.
Roll20 mentioned it could notify customers of the leak. Some customers basic screenshots of the e-mail notification on social media. A TechCrunch reporter additionally obtained the identical notification.
Roll20 spokesman Jamie Boucher didn’t reply to a variety of questions from TechCrunch, together with what number of customers had been affected in complete, what number of customers had their final 4 bank card digits stolen, how the hacker gained entry to the executive account, and whether or not the corporate has any details about who the hacker or hackers had been.
Roll20 claims on its web site that it has 12 million customers and is “the #1 selection for on-line D&D.”
“We sincerely remorse that this incident occurred earlier than our eyes. Whereas we have now no proof that any information was misused, and no passwords or card numbers had been uncovered, we consider it is very important be clear with our customers about any potential publicity of their private data,” Boucher instructed TechCrunch in an e mail. “We’re nonetheless investigating and don’t have any further particulars to share right now past what we shared in our e mail notification. We now have made it a precedence to be as clear as potential as quickly as potential, which is why we notified customers right this moment.”
In 2019, TechCrunch reported {that a} hacker had breached Over 600 million information stolen from 24 web sitestogether with Roll20. The hacker listed 4 million information of the corporate on the time.