Gaming / Virtual Tabletop / Consumer
Online virtual-tabletop platform for tabletop role-playing games.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
In December 2018, Roll20 suffered a breach affecting almost 4 million users, exposing email and IP addresses, names, bcrypt password hashes and the last four digits of payment cards.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
4.0M records analyzed
Roll20 is an online virtual-tabletop platform that lets players run tabletop role-playing games remotely with maps, dice, video and character tools.
A virtual-tabletop platform holds player identity and contact data, IP addresses, hashed passwords and, for subscribers, the last four digits of payment cards.
Roll20 disclosed the December 2018 breach in early 2019, forced password resets and notified users.
Roll20 reset affected passwords and notified its player community; the breach became part of the broadly-traded 2018-2019 breach corpus.
• Credential stuffing against reused passwords across other platforms | • Financial fraud using exposed financial profile data | • Targeted phishing campaigns using exposed email addresses
A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation