Popular virtual tabletop service Roll20 , according to an email the company sent out to users. The email, written on July 2, warned users that their personal data may have been exposed, including “first and last name, email address, last known IP address, and the last four digits” of credit cards. However, the breach didn’t expose passwords or full financial information, so that’s good.
The company discovered “unauthorized access” to an administrative account last week. It immediately blocked the impacted account, but this particular account had access to the aforementioned personal information. Roll20 doesn’t know if anyone actually used this breach to scoop up data, saying it has “no reason to believe that your personal information has been misused” and that it’s notifying users “out of an abundance of caution.”
Engadget reached out to the company for more information regarding the timeline and the potential impact. We’ll update this post when we hear more. “We truly regret that this incident occurred on our watch,” Roll20 founder .
It’s worth noting that users to implement two-factor authentication (2FA) for years, to no avail. It experienced a similar data breach in 2018 . It’s probably time for Roll20 to bump its charisma stats and approach a 2FA service provider, for the good of the realms.
You Might Also Like
TikTok removes Russian state-owned media accounts for ‘covert influence’
TikTok has announced in its US Elections Integrity Hub that it has removed accounts associated with Rossiya Segodnya and TV-Novosti,...
Apple’s AirPods 4 are already on sale in this early Prime Day deal
It has been less than a week since Apple released the AirPods 4, and there's already a small sale available...
Spotify’s AI Playlists are now available for Premium users in the US
Spotify’s beta AI Playlist feature is now available for Premium users in the US, Canada, Ireland and New Zealand. It...
OpenAI’s X account was hacked to promote a crypto scam
OpenAI opened a newsroom Twitter account earlier this month and it's already been hacked. The new handle was taken over...