
The site breach

1550188103
David
Sheet Author
So what should we be doing while you look into this?
Also, will roll20 add 2-factor authentication?
1550189682

Edited 1550189977
It is unlikely that any user action is needed. Again, the amount of possible data in this is quite limited-- passwords are salted, financial data is not stored with us, and so on. This is much more about Roll20 checking vulnerabilities right now. We'll report back on our findings as soon as possible.

EDIT: As for two-factor authentication, we regularly discuss this and other possible security features for the site. That has not yet concretely made the road map, but we have several updates related to continual security improvements happening this year that we view as a priority. If two-factor or any other concrete security practices are something you're passionate about, please let us know more via the Suggestions Forum.
1550200194

Edited 1550200210
You should absolutely change your password for this website, simply for the sake of safety and being sure. The simple fact is that the database was stolen, and you shouldn't trust a hacker's inability to get anything useful out of the salted database any more than you should trust the hacker's inability to steal the database to begin with.

Change your password, and if you have any websites that use your email as the login ID with the same password as Roll20, change that password too. Nolan may be right, maybe this action won't be needed - but don't trust a hacker, or the groups that the hacker is usually selling those databases to, not to get around a security feature. It's what they do.