Public Profile Glitch

I was looking at one of my player's profiles, and was able to see people they have recently played with (which is not supposed to be shown to the public), I am able to write or replace player bios, see email addresses, and ban both account and IP.  I feel like there may be a security glitch.  This happens on every profile I happen to click on, Including myself

I see the same thing. I hope this is fixed soon. I don't like the fact that people can see private information about other accounts.

I'm having the same issue. I also agree, not really liking I'm able to see all this.

Yeah its with everyone, every single person using Roll20 has their private information on full display to everyone else right now. Please raise some noise, this is a huge fuckup.

Trevor S. said: Yeah its with everyone, every single person using Roll20 has their private information on full display to everyone else right now. Please raise some noise, this is a huge fuckup. I sent them a message on Twitter. I'm not sure how else to get their attention faster.

If only they had real contact options and actual customer support so we can directly tell them when they advertise our private information like this. What asshats.

Trevor S. said: If only they had real contact options and actual customer support so we can directly tell them when they advertise our private information like this. What asshats. I have to agree. The lack of contact options is really bad, especially in a situation like this.

Same here,  I tried reaching out via PM so the whole world wouldn't know, but I have no way of knowing whether or not I'm pm'ing someone who's on duty right now.

Some kid is gonna use this to go on a random banning spree. Guys please make noise, dont let them sweep this under the rug, this is a HUGE fuckup and their intentional lack of communication is only compounding the issue.  This is a serious fucking problem Roll20.

Now that it's out here, guess we should keep bumping it until someone notices...

Trevor S. said: Some kid is gonna use this to go on a random banning spree. Guys please make noise, dont let them sweep this under the rug, this is a HUGE fuckup and their intentional lack of communication is only compounding the issue.  This is a serious fucking problem Roll20. Which is one of the main reasons I decided to say something, aside from all of the private information being exposed.

The fact that this is the best way to deal with an intense massive huge security breach is ridiculous.

I took a risk and tried banning myself for a day, and thankfully it didn't actually work, also tried changing display/info too and it does nothing from the public profile side of things, so a slim sigh of relieve for that?  But yeah, the other information that can be seen... yikes. 

Agreed,  I didn't spend all of this money on Roll20 to get my shit banned or hacked.

I just sent an email to&nbsp;<a href="mailto:team@roll20.net" rel="nofollow">team@roll20.net</a> as well. I found this email address on Reddit.

Reloads said: I took a risk and tried banning myself for a day, and thankfully it didn't actually work, also tried changing display/info too and it does nothing from the public profile side of things, so a slim sigh of relieve for that?&nbsp; But yeah, the other information that can be seen... yikes.&nbsp; I guess that is good, at least.&nbsp; It almost feels like everyone is set to Moderator to be able to do that.

If they were easier to contact it wouldnt be an issue. I understand this is probably just a mistake no biggie, but this is just highlighting how horrible their contact methods are. Since we are the ones who are having information given out without our permission right now, and they have deliberately made it harder for us to get them to fix their shit for them, they need to get on this immediately.

Thank you Drespar. i know ive been kind of a dick about it, its just frustrating that theres not a better way to get a hold of you when clearly things can happen that are a big enough deal for us to need to. Fortunately none of the powers seem to work but still.&nbsp; Thanks for gettin on it!

I think the biggest concern is that we can all see the Email, Last Time Logged In, and all previous Names Used for everyone right now. Like, its a Stalker's paradise at the moment. Also we can see all the games theyve been in before and we can see if they have been kicked from any games. Its way too much info.