Roll20 Hacked, Customer Information Possibly Exposed

A third party may have accessed customer names, emails, IP addresses, and last 4 digits of CC#s


In an email sent to customers, Roll20 announced that an administrative account had been compromised for approximately one hour on June 29, 2024. The access was blocked within one hour of the intrusion being discovered and an investigation began into the breach. From the email:

On June 29, 2024, at 6:30 P.M. Pacific Time, Roll20 learned that an administrative account was compromised. By 7:30 P.M. Pacific Time, we acted to ensure that all unauthorized access was blocked, and we began the process of investigating the incident to determine the scope.

Following our investigation, we learned that the unauthorized third-party had access to administrative tools, which may have resulted in the exposure of personal information, such as your: first and last name, email address, last known IP address, and the last 4 digits of your credit card (solely if you had a stored payment with us).

Notably, the compromised administrative tooling did not expose your password or your full payment information, such as your address or credit card number.

While we have no reason to believe that your personal information has been misused, we are notifying you out of an abundance of caution.

The email states that customers with questions, or who would like a copy of the account data the third party may have access to, can create a support ticket with the subject line "Incident Data Request". A link was also provided to the United States Federal Trade Commission website on online security for consumers. A FAQ has also been posted to the Roll20 website.

Darryl Mott


Change your passwords even if they did explicitly suggest that 'no passwords' were compromised... I've seen too many PR releases where they 'care about your privacy and security' and "no customer data or passwords were leaked".

A week later: "we've been made aware that we were completely owned up left, right, and center and have initiated a complete password reset for all customers 'out of an abundance of caution'." Also, we have no clue how they are storing credit card and passwords, so anyone who's saved your CC info in your account should keep a look out for the near term. (And maybe remove it because it's 'convenient' to store your CC info in their database.)

was interesting to have my work invade my side-side projects, but here we are...
