Originally posted on 15th of February 2019 By: Gunny Waffle of the Star Warrior's Server Mod Team
Welp, got yet another PSA, and this one is a data breach.
If you remember, there was a data breach called "Collection #1" a month ago.
This update is because Roll20 admitted to the following: "Roll20 only maintains users’ name, email address, hashed password, last login IP and time of login, and the last 4 digits of users’ credit card" in their blog post http://blog.roll20.net/post/182811484420/roll20-security-breach
They are choosing not to notify users, for some reason. So I am notifying you all, considering they stored credit card digits.
So if you used Roll20 and paid with card, keep an eye on your billing statements. This is because all that stored info gives a malicious user some serious cross-reference verification for other data they may have.
Otherwise, the standard procedure applies and you shouldn't worry too much. (This is covered in the "Collection #1" post.)
- Star Warrior's Server Mod Team