Hi Teak, please refer to Nolan's post on another thread that has some more information, some one asked 'So what should we be doing while you look into this?': Nolan T. J. said: It is unlikely that any user action is needed. Again, the amount of possible data in this is quite limited-- passwords are salted, financial data is not stored with us, and so on. This is much more about Roll20 checking vulnerabilities right now. We'll report back on our findings as soon as possible. EDIT: As for two-factor authentication, we regularly discuss this and other possible security features for the site. That has not yet concretely made the road map, but we have several updates related to continual security improvements happening this year that we view as a priority. If two-factor or any other concrete security practices are something you're passionate about, please let us know more via the Suggestions Forum . Thank you.