On June 29, 2024, at 6:30 P.M. Pacific Time, Roll20 learned that an administrative account was compromised. By 7:30 P.M. Pacific Time, we acted to ensure that all unauthorized access was blocked, and we began the process of investigating the incident to determine the scope.
Following our investigation, we learned that the unauthorized third-party had access to administrative tools, which may have resulted in the exposure of personal information, such as your: first and last name, email address, last known IP address, and the last 4 digits of your credit card (solely if you had a stored payment with us).
Notably, the compromised administrative tooling did not expose your password or your full payment information, such as your address or credit card number.
While we have no reason to believe that your personal information has been misused, we are notifying you out of an abundance of caution.
Read more at this site