Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account

I just received a notification of a data breach on Roll20

  1. Community Forums
  2. Bug Reports & Technical Issues
  3. I just received a notification of a data breach on Roll20
1563571642
[Deleted]
Permalink for 7622620 Quote
Can anyone from Roll20 provide comment? What actions, if any, do members need to take? <a href="https://monitor.firefox.com/breach-details/Roll20#delayed-reporting" rel="nofollow">https://monitor.firefox.com/breach-details/Roll20#delayed-reporting</a>
1563572397
Jesse
Plus
Permalink for 7622659 Quote
Roll20 disclosed this early in the year.&nbsp; Check the announcements forum from like December to February.&nbsp; At the time Roll20 said no credit card info was leaked, but my breach notice today indicates at least partial credit card data was compromised.&nbsp; I would like an update from Roll20 about this.
1563576301
Drespar
Roll20 Team
Permalink for 7622814 Quote
Hi everyone, We announced this breach back on February 14, 2019: <a href="http://roll20.io/122018breach" rel="nofollow">http://roll20.io/122018breach</a> We take the responsibility to safeguard our users' personal information very seriously and Roll20 retains the bare minimum of user information. The precautions we take to keep your information secure mean that only the following data could be accessed: users' names, emails, last four numbers of credit card, and passwords that have been securely salted and hashed with bcrypt so they cannot be reverse-engineered or exposed. This illegal breach did NOT access financial data. Roll20 processes transactions and data through secure third party platforms such as Stripe and PayPal. Our servers do not store or even touch your financial data directly. Roll20's goal is always to protect our community and our security teams work tirelessly to monitor, identify and fix potential weaknesses in our systems.
1563931904
Zulbo
Plus
Permalink for 7633567 Quote
Try Hunt's&nbsp; ';--have i been pwned? website now includes this breach.&nbsp; So you can search to see if your email was included. <a href="https://haveibeenpwned.com/" rel="nofollow">https://haveibeenpwned.com/</a> The site reports as follows: Roll20 : In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed. The data was provided to HIBP by a source who requested it be attributed to "<a href="mailto:JimScott.Sec@protonmail.com" rel="nofollow">JimScott.Sec@protonmail.com</a>". Compromised data: Email addresses, IP addresses, Names, Partial credit card data, Passwords
1565672007
Seikojin
Pro
Permalink for 7684667 Quote
I just got the email today.&nbsp; Does that mean a second breach?&nbsp; Or, do the emails slowly trickle out during the investigation?&nbsp; I never got word earlier.&nbsp; Also is there any contact we can have directly to see if on the individual level, that we have been seen in the breach?&nbsp; Have I been pwned is not direct response.
1565705394
3R1C
Permalink for 7685408 Quote
I also got this email. Or emails. As I get like same email over and over and over....So far it’s getting close to 20 e-mails
1565729001
Jesse
Plus
Permalink for 7686222 Quote
Roll20 sent out an email to all users on February 15 notifying them of the security breach.&nbsp; Emails you may be receiving now are most likely coming from third party services like credit bureaus and banks.&nbsp; Many will check your email address against published leaks and notify you of the breach, but they are often many months behind.
1565729969
keithcurtis
Forum Champion
Marketplace Creator
API Scripter
Permalink for 7686272 Quote
Actually, an email from Roll20 is coming out to users as of yesterday (for me, at least), giving an update.
1565741704
Seikojin
Pro
Permalink for 7686797 Quote
My partner who never has had a roll20 account got an email.
1565920035

Edited 1565922557
Olivia B.
Permalink for 7691886 Quote
Just found out about a data breach, apparently they can show me what information was stolen on me if I email them but the site doesn't have any leads that way. If anyone knows of a good address for me to reach them at that would be appreciated.
1565927572
Jesse
Plus
Permalink for 7692122 Quote
Per their email: "Any user that wishes to see an example of their compromised data can contact team@ roll20 .net and request that of myself (Jeffrey Lamb)."
You must Login to your Roll20 Account to post a reply.