Can anyone from Roll20 provide comment? What actions, if any, do members need to take?
Can anyone from Roll20 provide comment? What actions, if any, do members need to take?
Roll20 disclosed this early in the year. Check the announcements forum from like December to February. At the time Roll20 said no credit card info was leaked, but my breach notice today indicates at least partial credit card data was compromised. I would like an update from Roll20 about this.
Hi everyone,
We announced this breach back on February 14, 2019:
We take the responsibility to safeguard our users' personal information very seriously and Roll20 retains the bare minimum of user information. The precautions we take to keep your information secure mean that only the following data could be accessed: users' names, emails, last four numbers of credit card, and passwords that have been securely salted and hashed with bcrypt so they cannot be reverse-engineered or exposed.
This illegal breach did NOT access financial data. Roll20 processes transactions and data through secure third party platforms such as Stripe and PayPal. Our servers do not store or even touch your financial data directly.
Roll20's goal is always to protect our community and our security teams work tirelessly to monitor, identify and fix potential weaknesses in our systems.
Try Hunt's ';--have i been pwned? website now includes this breach. So you can search to see if your email was included.
The site reports as follows:
Roll20: In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed. The data was provided to HIBP by a source who requested it be attributed to "".
Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords
I just got the email today. Does that mean a second breach? Or, do the emails slowly trickle out during the investigation? I never got word earlier. Also is there any contact we can have directly to see if on the individual level, that we have been seen in the breach? Have I been pwned is not direct response.
I also got this email. Or emails. As I get like same email over and over and over....So far it’s getting close to 20 e-mails
Roll20 sent out an email to all users on February 15 notifying them of the security breach. Emails you may be receiving now are most likely coming from third party services like credit bureaus and banks. Many will check your email address against published leaks and notify you of the breach, but they are often many months behind.
Actually, an email from Roll20 is coming out to users as of yesterday (for me, at least), giving an update.
Just found out about a data breach, apparently they can show me what information was stolen on me if I email them but the site doesn't have any leads that way. If anyone knows of a good address for me to reach them at that would be appreciated.
Per their email: "Any user that wishes to see an example of their compromised data can contact and request that of myself (Jeffrey Lamb)."