ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

Roll20 Data Breach

roll20.net
Significant exposure
Verified breach Passwords exposed
Accounts exposed 3,994,436
Breach date 26 Dec 2018
Added to tracker 19 Jul 2019
Data classes 5

What happened

In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed.

Exposed data

Email addresses IP addresses Names Partial credit card data Passwords

Recommended actions

  • Change your Roll20 password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Roll20 โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP