Last night the tech press reported that a notorious hacker had struck again, claiming another 127 million accounts and records of exposed data for their trophy belt.
Virtual tabletop site Roll20 is in the list of victims, and Roll20 have now confirmed they have had a security breach.
The hacker is claiming to have 4 million records from Roll20. The hacker seems to use the words ‘records’ and ‘accounts’ differently.
Roll20 have officially responded via their forums. They stress that no financial information is at risk and that all passwords are encrypted.
Roll20’s lead designer, Steke K, said;
Earlier today, Roll20 was named in a report as one of several victims of an attack by cybercriminals. While we can confirm a breach did occur, we are currently focused on finding out all the facts. For now, it’s important to note the report makes clear that no financial data was included in the breach.
Our security teams work tirelessly to fix potential weaknesses in our systems, and we take seriously our responsibility to safeguard our users’ personal information.
Here’s how we do that:
- Roll20 only maintains the following personal information: users’ name, email address, hashed password, last login IP and time of login, and the last 4 credit card digits.
- We use Stripe and PayPal to process transactions; all billing information is handled by them and never touches our servers.
- We utilize bcrypt for password hashing, which means that it cannot be reverse-engineered for utilization with other sites or to access Roll20.
We know it’s frustrating to not have all the facts, and we’re working to uncover the full extent of this breach. We will be continuously updating our members with information as our investigation continues.
Worried about whether your passwords have been leaked? Google recently released a new Chrome extension called Password Checkup that alerts you if you’re using a username or password that Google knows is no longer safe. Google learns this when password lists are exposed entirely or in-part after they’re sold or traded online.
The hacker behind the Roll20 security breach is currently selling your details for about $14,500 worth of Bitcoin.
Creative Commons credit: Slitaz Enigma Hacker wallpaper by HolkFoor.
Can you help expand this article? Scribble down some thoughts in the discussion area below.
