ShellCodeX Breach Report
Roll20 Data Breach
roll20.net
Verified breach
Passwords exposed
Accounts exposed
3,994,436
Breach date
26 Dec 2018
Added to tracker
19 Jul 2019
Data classes
5
What happened
In December 2018, the tabletop role-playing games website Roll20 suffered a data breach. Almost 4 million customers were impacted by the breach and had email and IP addresses, names, bcrypt hashes of passwords and the last 4 digits of credit cards exposed.
Exposed data
Email addresses
IP addresses
Names
Partial credit card data
Passwords
Recommended actions
- Change your Roll20 password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing Roll20 โ attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP