Roll20 Data Breach: Tabletop Platform Reveals 'Bad Actor' Gains Access to User Account
Popular online tabletop platform Roll20 sent shivers down the spines of Dungeons & Dragons enthusiasts worldwide after announcing a data breach on Wednesday, July 3.
The company confirmed unauthorized access to its administrative account, potentially exposing user data. However, the "bad actor" behind the cyberattack is not yet identified.
In its incident report posted on its website, Roll20 revealed that an unauthorized individual, referred to as a "bad actor," gained access to an administrative account on June 29th. This breach lasted for roughly an hour before the company took swift action, blocking unauthorized access and closing the network vulnerability. While the compromised account was swiftly disabled, the intruder may have viewed all user data during that window.
While the full extent of the breach is still under investigation, Roll20 confirmed the following user data might have been accessed:
More importantly, Roll20 clarifies that passwords, full credit card information, and billing addresses remain secure.
Here are some key steps to take after the Roll20 data breach:
Roll20 is currently investigating the breach and has notified affected users. While details remain limited, the company prioritizes transparency and user safety.
"We truly regret that this incident occurred on our watch. Although we have no evidence that any of the data is being misused, and no passwords or card numbers were exposed, we believe in the importance of being transparent with our users about any potential exposure of their personal information," Boucher told TechCrunch in an email.
The Roll20 data breach serves as a reminder of the importance of online security. By taking the steps mentioned above and remaining vigilant, you can minimize the potential impact on your personal information.
In other news, Cloudflare revealed a tool to combat data-scraping bots, per Tech Times.