What happened in the Roll20 data breach?
Twingate Team
•
Apr 17, 2024
In December 2018, Roll20, a popular platform for tabletop role-playing games, experienced a data breach that affected millions of users. The breach exposed sensitive information, including email and IP addresses, names, password hashes, and partial credit card numbers.
How many accounts were compromised?
The breach impacted data related to approximately 4 million individuals.
What data was leaked?
The data exposed in the breach included email addresses, IP addresses, names, partial credit card numbers, and password hashes.
How was Roll20 hacked?
During the Roll20 data breach, hackers gained unauthorized access to the platform's user data, compromising the personal information of nearly 4 million customers. The breach was discovered when the stolen data appeared for sale on a dark web marketplace. Roll20's investigation, conducted with the help of a legal team and cybersecurity firm Kroll, identified several possible attack vectors that have since been addressed.
Roll20's solution
In response to the data breach, Roll20 took several measures to enhance the security of its platform and prevent future incidents. The company engaged cybersecurity firm Kroll to review logs and monitor access to their systems. Roll20 also identified and remedied several possible attack vectors, updated communication and credential cycling practices, and completed code library updates.
How do I know if I was affected?
Roll20 has not explicitly stated whether they reached out to affected users. However, if you're a Roll20 user and are concerned about the breach, you may visit HaveIBeenPwned, a platform that monitors data breaches and can notify individuals if their data has been disclosed in recognized data leaks.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached platform. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached platform and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For specific advice on Roll20's data breach, please contact Roll20's support directly.
Where can I go to learn more?
If you want to find more information on the Roll20 data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Roll20 data breach?
Twingate Team
•
Apr 17, 2024
In December 2018, Roll20, a popular platform for tabletop role-playing games, experienced a data breach that affected millions of users. The breach exposed sensitive information, including email and IP addresses, names, password hashes, and partial credit card numbers.
How many accounts were compromised?
The breach impacted data related to approximately 4 million individuals.
What data was leaked?
The data exposed in the breach included email addresses, IP addresses, names, partial credit card numbers, and password hashes.
How was Roll20 hacked?
During the Roll20 data breach, hackers gained unauthorized access to the platform's user data, compromising the personal information of nearly 4 million customers. The breach was discovered when the stolen data appeared for sale on a dark web marketplace. Roll20's investigation, conducted with the help of a legal team and cybersecurity firm Kroll, identified several possible attack vectors that have since been addressed.
Roll20's solution
In response to the data breach, Roll20 took several measures to enhance the security of its platform and prevent future incidents. The company engaged cybersecurity firm Kroll to review logs and monitor access to their systems. Roll20 also identified and remedied several possible attack vectors, updated communication and credential cycling practices, and completed code library updates.
How do I know if I was affected?
Roll20 has not explicitly stated whether they reached out to affected users. However, if you're a Roll20 user and are concerned about the breach, you may visit HaveIBeenPwned, a platform that monitors data breaches and can notify individuals if their data has been disclosed in recognized data leaks.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached platform. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached platform and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For specific advice on Roll20's data breach, please contact Roll20's support directly.
Where can I go to learn more?
If you want to find more information on the Roll20 data breach, check out the following news articles:
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
What happened in the Roll20 data breach?
Twingate Team
•
Apr 17, 2024
In December 2018, Roll20, a popular platform for tabletop role-playing games, experienced a data breach that affected millions of users. The breach exposed sensitive information, including email and IP addresses, names, password hashes, and partial credit card numbers.
How many accounts were compromised?
The breach impacted data related to approximately 4 million individuals.
What data was leaked?
The data exposed in the breach included email addresses, IP addresses, names, partial credit card numbers, and password hashes.
How was Roll20 hacked?
During the Roll20 data breach, hackers gained unauthorized access to the platform's user data, compromising the personal information of nearly 4 million customers. The breach was discovered when the stolen data appeared for sale on a dark web marketplace. Roll20's investigation, conducted with the help of a legal team and cybersecurity firm Kroll, identified several possible attack vectors that have since been addressed.
Roll20's solution
In response to the data breach, Roll20 took several measures to enhance the security of its platform and prevent future incidents. The company engaged cybersecurity firm Kroll to review logs and monitor access to their systems. Roll20 also identified and remedied several possible attack vectors, updated communication and credential cycling practices, and completed code library updates.
How do I know if I was affected?
Roll20 has not explicitly stated whether they reached out to affected users. However, if you're a Roll20 user and are concerned about the breach, you may visit HaveIBeenPwned, a platform that monitors data breaches and can notify individuals if their data has been disclosed in recognized data leaks.
What should affected users do?
In general, affected users should:
Change Your Password: Immediately update your password for the breached platform. Make sure the new password is strong and unique, not previously used on any other platform.
Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.
Enable Two-Factor Authentication (2FA): Activate 2FA on the breached platform and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.
For specific advice on Roll20's data breach, please contact Roll20's support directly.
Where can I go to learn more?
If you want to find more information on the Roll20 data breach, check out the following news articles: