On June 3, 2024, Roll20 users received an unsettling email: the platform had suffered a data breach. Roll20, a digital platform for playing tabletop role-playing games such as Dungeons & Dragons, revealed that personal data had been compromised. The breached data included names, email addresses, last known IP addresses, and the last four digits of stored credit cards.
In this article, we’ll cover what happened, what data was exposed, and what steps you should take now to protect yourself.
Roll20 data breach 2024: What we know so far
On June 3, 2024, Roll20 notified some of its users about a data breach. The incident has sparked considerable concern within the gaming community, particularly because it is not Roll20’s first: in 2018, the platform suffered a significant data breach affecting four million users. Similar types of personal data were compromised during that incident, raising ongoing concerns about the platform’s security measures.
Roll20 discovered the breach on June 29 at 6:30 PM, when it detected a compromised administrative account. Recognizing the potential risk, the platform acted fast, blocking all access to the compromised account within an hour. An immediate investigation was launched to understand the extent and implications of the breach.
The investigation revealed that the unauthorized third party had gained access to Roll20’s administrative tools. This access potentially exposed several types of personal information:
- First and last names: Basic identifying information of the users.
- Email addresses: The email addresses linked to user accounts.
- Last known IP addresses: The most recent IP addresses used by the affected accounts.
- Last four digits of credit cards: Only applicable if the user had stored payment information on the platform.
Importantly, the Roll20 data breach did not include users’ passwords or complete payment information, such as full credit card numbers or billing addresses.
Roll20 informed affected users via email, emphasizing that there was no current evidence suggesting misuse of the compromised data. In the email, Roll20 assured users that passwords and full payment details were secure. They provided a link to the Roll20 Help Center, where users could open a support ticket to view a detailed copy of the data specifically compromised in their case.
Roll20 advises: What you need to do now
Following the breach, Roll20 has advised users to:
- Monitor account activity: Regularly check for any unusual or suspicious activities on their accounts.
- Review compromised data: Use the support ticket system to understand the specific data affected.
- Change passwords and payment information: Consider updating passwords and payment methods as a precautionary measure.
- Be wary of phishing attempts: Be cautious of any unsolicited communications that could exploit the compromised information.
While no threat actor has claimed responsibility for this recent breach, Roll20 is likely to enhance its security protocols to prevent future incidents. The company’s fast action and transparency in handling the breach have been positive steps, but the incident highlights the necessity of robust cybersecurity measures.
Roll20 has been a crucial platform for gamers, especially during the COVID-19 pandemic, which saw a surge in its user base. As of March 2021, Roll20 boasted over eight million users worldwide.
Featured image generated by Eray Eliaçık/Bing