On June 29, 2024, at 6:30 P.M. Pacific Time, Roll20 learned that an administrative account was compromised. By 7:30 P.M. Pacific Time, we acted to ensure that all unauthorized access was blocked, and we began the process of investigating the incident to determine the scope.
Following our investigation, we learned that the unauthorized third-party had access to administrative tools, which may have resulted in the exposure of personal information, such as your: first and last name, email address, last known IP address, and the last 4 digits of your credit card (solely if you had a stored payment with us).
Notably, the compromised administrative tooling did not expose your password or your full payment information, such as your address or credit card number.
While we have no reason to believe that your personal information has been misused, we are notifying you out of an abundance of caution.
We take your privacy and security very seriously, and we deeply regret that this incident occurred. We will be implementing an action plan to further enhance the security of our administrative tools going forward.
If you have questions, or if you would like to view a copy of your account data that the third party may have had access to, please reach out to us at https://help.roll20.net and create a support ticket with the subject line “Incident Data Request” and we will be happy to assist you.
Here are some resources containing good best practices for protecting your information online which we recommend: https://consumer.ftc.gov/online-security