Roll20, an online gaming giant for tabletop and role-playing enthusiasts, recently got hit by a data breach because apparent security measures were as effective as a screen door on a submarine. Someone with naughty intentions wormed their way into Roll20’s systems using a compromised admin account. This cyber-ninja hung out in the system for about an hour, had time for a cup of coffee, joyously modified a user account but — don’t panic — it’s been fixed!
During their one-hour digital tour, the intruder had a sneak peek at users’ personal info, like full names, email addresses, their last known locations in cyberspace, and even some juicy credit card digits (thankfully, just the last four). But relax, your passwords are safe, cocooned by some good ol’ bcrypt hashing, and your payment details? Those weren’t even on the premises! However, how many were hit by this debacle or whether the info was snagged and bagged for later misuse remains a mystery that even Sherlock might find a tad challenging.
In a dazzling display of shutting the barn door after the horse has bolted, Roll20 announced a thrilling “action plan” to prevent future virtual villains. They’ve decided maybe it’s a neat idea to tighten up what admin accounts can peek at and to up the ante on security all-round. Let’s hope it’s more Fort Knox and less “please use this password again.”
**Hot Take**
Breaches are starting to feel like a new feature in subscription services, huh? Wish we could unsubscribe from THAT. Roll20, maybe next time consider less “rolling with it” and more rolling out the digital big guns from day one. How about we start the next session with “Roll for improved security measures”?
Original Article: https://www.techradar.com/pro/security/tabletop-gamers-hit-by-data-breach-affecting-roll20-gaming-site