A notorious hacker has reportedly struck again, this time targetting virtual tabletop site Roll20. The hacker claims that they have taken up to four million records from the site and has every intention of selling the data as soon as possible.
According to Geek Native, Roll20 has addressed the hacker's claims and confirmed the security breach. However, the site insists that the users' financial information has been accessed and that all passwords are strictly encrypted.
Steke K, Roll20's lead designer, spoke up about the reported hacking in a forum.
"Earlier today, Roll20 was named in a report as one of several victims of an attack by cybercriminals. While we can confirm a breach did occur, we are currently focused on finding out all the facts. For now, it's important to note the report makes clear that no financial data was included in the breach.
"Our security teams work tirelessly to fix potential weaknesses in our systems, and we take seriously our responsibility to safeguard our users' personal information."
According to Steke, the site only maintains basic personal information about the users, which includes "users' name, email address, hashed password, last login IP and time of login, and the last 4 credit card digits." In addition to that, all billing information is handled by separate sites (Stripe and PayPal) and cannot be accessed by Roll20's own servers.
Steke also wanted to assure users that Roll20 will continue investigating the matter and keep everyone updated. "We know it's frustrating to not have all the facts, and we're working to uncover the full extent of this breach. We will be continuously updating our members with information as our investigation continues," he wrote.
The hacker is reportedly selling information in exchange for Bitcoins.
Related: The Crew for Star Wars Episode IX had to Use Old Cellphones on Set to Avoid Leaks
Explore new topics and discover content that's right for you!
Fandoms