Popular online tabletop platform Roll20 sent shivers down the spines of Dungeons & Dragons enthusiasts worldwide after announcing a data breach on Wednesday, July 3.
The company confirmed unauthorized access to its administrative account, potentially exposing user data. However, the "bad actor" behind the cyberattack has not yet been identified.
What Happened During the Roll20 Data Breach?
In an incident report posted on its website, Roll20 revealed that an unauthorized individual, referred to as a "bad actor," gained access to an administrative account on June 29th. The breach lasted for roughly an hour before the company blocked the unauthorized access and closed the network vulnerability. Although the compromised account was quickly disabled, the intruder may have viewed all user data during that window.
What Information Was Potentially Exposed?
While the full extent of the breach is still under investigation, Roll20 confirmed the following user data might have been accessed:
- Full Name: This includes your first and last name associated with your Roll20 account.
- Email Address: The email address linked to your Roll20 account may have been exposed.
- Last Known IP Address: This identifies the internet address you used to access Roll20 in the past.
- Last Four Digits of Credit Card (if stored): If you had a payment method saved on your Roll20 account, the final four digits of your credit card number could have been exposed.
More importantly, Roll20 clarifies that passwords, full credit card information, and billing addresses remain secure.
What Should You Do Now?
Here are some key steps to take after the Roll20 data breach:
- Change your Roll20 Password: Update your Roll20 password immediately using a strong and unique combination of letters, numbers, and symbols.
- Monitor Your Email for Phishing Attempts: Be cautious of emails claiming to be from Roll20. These could be phishing attempts designed to steal your login credentials or financial information.
- Review Your Credit Card Statements: While the full credit card number was not exposed, monitor your statements closely for any suspicious activity. Consider enabling fraud alerts on your credit card account.
- Enable Two-factor Authentication (2FA): If available, activate 2FA on your Roll20 account for an extra layer of security.
What is Roll20 Doing?
Roll20 is currently investigating the breach and has notified affected users. While details remain limited, the company prioritizes transparency and user safety.
"We truly regret that this incident occurred on our watch. Although we have no evidence that any of the data is being misused, and no passwords or card numbers were exposed, we believe in the importance of being transparent with our users about any potential exposure of their personal information," Boucher told TechCrunch in an email.
The Roll20 data breach serves as a reminder of the importance of online security. By taking the steps mentioned above and remaining vigilant, you can minimize the potential impact on your personal information.