Popular virtual desktop service Roll20 , according to an email the company sent to users. In a July 2 email, users were warned that their credit card information, including their “first and last name, email address, last known IP address and last four digits,” could be exposed. However, the breach didn’t expose passwords or full financial information, so that’s fine.
The company discovered “unauthorized access” to an administrative account last week. It immediately blocked the affected account, but this particular account had access to the aforementioned personal information. While Roll20 doesn’t know if anyone has actually used the breach to harvest data, it says it has “no reason to believe that your personal information has been misused” and warns users “to be cautious.”
Engadget reached out to the company for more information on the timeline and potential impact. We’ll update this post when we hear more. Roll20 founder: “We regret that this incident happened on our watch” .
It should be noted that users years of implementing two-factor authentication (2FA) to no avail. He faced a similar data breach in 2018 . It’s probably time for Roll20 to boost his charisma stats and turn to a 2FA service provider for the good of the realms.
