Roll20's 4M Accounts Hacked
<blockquote data-quote="Morrus" data-source="post: 7772184" data-attributes="member: 1">
<p>The leading virtual tabletop, with over 4 million accounts, has been hacked. Roll20 was one of many victims in a major hack back in December 2018. No financial details were included.</p>
<p>Here is their current statement:</p>
<blockquote>
<p>"Earlier today (2/14), Roll20 was <a href="https://techcrunch.com/2019/02/14/hacker-strikes-again/" target="_blank">named in a report</a> as one of several victims of an attack by cybercriminals. While we can confirm a breach did occur, we are currently focused on finding out all the facts. For now, it’s important to note the report makes clear that no financial data was included in the breach. Our security teams work tirelessly to fix potential weaknesses in our systems, and we take seriously our responsibility to safeguard our users’ personal information.</p>
<p>Here’s how we do that:</p>
<ul>
<li data-xf-list-type="ul">Roll20 only maintains the following personal information: users’ name, email address, hashed password, last login IP and time of login, and the last 4 credit card digits.</li>
<li data-xf-list-type="ul">We use <a href="https://stripe.com/" target="_blank">Stripe</a> and <a href="https://www.paypal.com/us/home" target="_blank">PayPal</a> to process transactions; all billing information is handled by them and never touches our servers.</li>
<li data-xf-list-type="ul">We <a href="https://en.m.wikipedia.org/wiki/Bcrypt" target="_blank">utilize bcrypt</a> for password hashing, which means that it cannot be reverse-engineered for utilization with other sites or to access Roll20.</li>
</ul>
<p>We know it’s frustrating to not have all the facts, and we’re working to uncover the full extent of this breach. We will be continuously updating our members with information as our investigation continues.</p>
<p>UPDATE 2/15 2:45 PM PT: Based off the account numbers from breached data, we've determined this took place on approximately December 26th. The data size (~700MB) is consistent with being our "account object," which, as earlier stated, contains name, email address, last four of credit card, most recent IP address, and hashed & salted password. While the hash & salt should keep passwords safe, it never hurts to reset. We are continuing to work internally and with outside investigators to determine the methodology of breach, while also fulfilling GDPR requirements and notifying appropriate law enforcement. Expect more details early next week"</p>
</blockquote>
<p>Getting hacked is commonplace these days (you may recall this site was hacked a few years back); what's surprising is that Roll20 has 4 MILLION accounts. That certainly speaks to the growth of our hobby.</p>
</blockquote>