Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account

The site breach

  1. Community Forums
  2. Specific Use Questions & Macros
  3. The site breach
1550188103
David
Sheet Author
Permalink for 7209710 Quote
So what should we be doing while you look into this?
1550189544
Bast L.
API Scripter
Permalink for 7209779 Quote
Also, will roll20 add 2-factor authentication?
1550189682

Edited 1550189977
Nolan T. J.
Roll20 Team
Permalink for 7209785 Quote
It is unlikely that any user action is needed.  Again, the amount of possible data in this is quite limited-- passwords are salted, financial data is not stored with us, and so on.  This is much more about Roll20 checking vulnerabilities right now. We'll report back on our findings as soon as possible. EDIT: As for two-factor authentication, we regularly discuss this and other possible security features for the site. That has not yet concretely made the road map, but we have several updates related to continual security improvements happening this year that we view as a priority.  If two-factor or any other concrete security practices are something you're passionate about, please let us know more via the Suggestions Forum .
1550200194

Edited 1550200210
Red Miles
Permalink for 7210234 Quote
You should absolutely change your password for this website, simply for the sake of safety and being sure.  The simple fact is that the database was stolen, and you shouldn't trust a hacker's inability to get any useful out of the salted database any more than you should trust the hacker's inability to steal the database to begin with. Change your password, and if you have any websites that use your email as the login ID with the same password as roll20, change that password too.  Nolan may be right, maybe this action won't be needed - but don't trust a hacker, or the groups that the hacker is usually selling those databases to, not to get around a security feature.  It's what they do.
You must Login to your Roll20 Account to post a reply.

© Roll20, LLC · Acknowledgements · Terms of Service & Privacy Policy · DMCA · Cookies · Support · Contact Us · Careers · On Social Media: Roll20 on TikTok Roll20 on Facebook Roll20 on Twitter Roll20 on YouTube Roll20 on Twitch Roll20 on Instagram

Roll20 Homepage DriveThru DMs Guild Roll20 Characters Dungeon Scrawl Pathfinder Infinite Starfinder Infinite

Roll20® is a Registered Trademark of Roll20, LLC. All rights reserved.