Roll20, the online tabletop role-playing game platform, discloses a data breach

The popular online tabletop and role-playing game platform Roll20 announced on Wednesday that it had suffered a data breach, exposing some users’ personal information.

In a post on its official website, Roll20 reported that on June 29, a “bad actor” accessed an account on the company’s administrative website for one hour before the company blocked unauthorized access and ended the network breach. During this time, the hacker modified one user account, but Roll20 promptly reversed these modifications. However, the hacker was able to view all user accounts during this period.

Roll20 stated that the hacker “may have been able to view” users’ personal information, including full names, email addresses, last-known IP addresses, and the last four digits of their credit cards if a payment method was stored on the account. The company clarified that the hacker did not access passwords or complete payment information such as home addresses and full credit card numbers.

Roll20 is notifying users about the breach, and several users have shared screenshots of the email notification on social media.

However, Roll20 spokesperson Jayme Boucher did not respond to questions regarding the total number of users affected, the number of users who had their partial credit card information stolen, how the hacker accessed the administrative account, or any information about the hacker’s identity.

Roll20, which boasts 12 million users and claims to be “the No. 1 choice for D&D online,” is now addressing the breach and its aftermath.