
Roll20 Security Breach


I didn’t know this happened. I received an e-mail this morning.

To all of those that use Roll20 or have in the past, Roll20 recommends changing your password immediately and checking the identity theft documents of the FTC.

The e-mail I received is below:



Weird, I didn't get an email.



Seems like a reasonable response. I’ll have to check my email to see if I got it too. I set up an account but I never used it.

Yup, got it too.



Does it show up on Have I Been Pwned?



Me? I didn’t bother checking; it’s a throwaway email address anyways. I hadn’t checked it since 2016 :stuck_out_tongue:



I didn’t even remember I had created an account or for what reason. I was previously notified by a check with the haveibeenpwned service and then got the e-mail today. Not really sure I had any important info in there.



Same lol. I think that may be the case for a lot of people. Joined once to play a campaign or two and never went back.



Got the same email. Never bought anything there so they wouldn’t have the last 4 of my credit card. Really only my password hash got taken and I diversify my passwords well enough that I’m not worried.

Still sucks pretty bad.

Bonus points for them actually sending a fucking notice though.



Got my email late last night, so seems like it's taking a while.



Well, I guess it’s because there were 665 mutations before you…


Anyways, yeah I didn’t have a credit card on file or anything. Speaking of that… I really hate sites that force you to keep one on file for one reason or another. No thanks! I don’t trust you to keep it safe. I’m fine having to enter every time. But maybe that’s just me.

(Well obviously it’s a must if it’s a service that’s billed monthly. I just meant general shops and such.)



I did but fuck that was probably 2 credit cards ago at this point and eh last 4 w/e. Only thing that would matter is salted passwords and I don't use the same password for things that actually matter.



That reminds me. I’ve never cared enough to actually look into it but you know how some sites get caught having stored the CVV number on the back that every credit card company/processor forbids in their terms? (PCI) I wonder just how badly those companies get bent over with additional processing rates or just straight up denial of service due to being too much of a risk?

Or do they simply get slapped on the wrist while the banks and in turn the consumer foots the bill for their idiocy?



I mean I only give sites credit cards so I can always dispute any charges. People who use debit cards for anything but pulling out cash confuse me.



lol fair point. Sorry just had banks on my mind because I was remembering doing credit card processing through one of those terminals at one of my jobs in the past because there’s always (business) customers that you don’t want to accept checks from. Though a larger number of companies probably pay electronically these days. A written check with float for a few days before it hits the account :stuck_out_tongue:

Banks aside, I have to wonder if the site gets hit in the pocket for it. I have to assume there is something as I know they’ll drop you if you have too many fraud/disputed charges.