
Roll20 user data stolen and sold on the darkweb.

Started by GeekyBugle, August 15, 2019, 08:50:51 PM


GeekyBugle

All of its users had their info stolen and sold on the darkweb. What's it with SJWs and having their consumers' info breached?


https://www.youtube.com/watch?v=PwhNlxagb9Y
Quote from: Rhedyn

Here is why this forum tends to be so stupid. Many people here think Joe Biden is "The Left", when he is actually Far Right and every US republican is just an idiot.

"During times of universal deceit, telling the truth becomes a revolutionary act."

― George Orwell

Opaopajr

Oh my god. I am so sorry to all who are affected. :(

I am sorta glad I am unaffected, but given the Equifax breach and bank breaches seemingly every other quarter, I know it's just a matter of time...
Just make your fuckin' guy and roll the dice, you pricks. Focus on what's interesting, not what gives you the biggest randomly generated virtual penis.  -- J Arcane

You know, people keep comparing non-TSR D&D to deck-building in Magic: the Gathering. But maybe it's more like Katamari Damacy. You keep sticking shit on your characters until they are big enough to be a star.
-- talysman

Spinachcat

Most data breaches go under-reported, even if reported.

Last year, I was in a startup which looked into buying personal data. Totally legal sources - all hosted at a major hotel where you wandered around tables and they offered you their wares. But instead of peaches from local farmers, they were offering highly specialized lists. For $40, I could drill down into one person's life to a bizarre degree or get 200 emails of people who earn over $100k with arthritis below 65.

It's really crazy and the explosion of publicly available data is heavily attributed to mega-data dumps from the breaches because all these companies use armies of dark web sweeper bots to dredge for data.

I suggest everyone google their names and wander in several pages. If your name is too common, add your birth city or current city. You might be very unpleasantly surprised by what you find. And that's just the main web!

estar

A couple of points:
1) What the person in the video is reading from is a follow-up from the Roll20 breach from earlier this year. This letter doesn't add much new information. The main thing is that they confirmed their initial assessment of what was lost in the breach. As for the sale on the dark web, that is to be expected.

2) While it doesn't relieve Roll20 of the need to ensure these breaches don't occur in the future, they were following some good practices that lessen the impact of the breach. They didn't store the full credit card number, and they didn't store the plain text of the password.

3) Roll20 is not in the business of coding secure databases; they undoubtedly rely on a framework. The test for them is not whether they are decent at programming secure databases but rather are they good database administrators. Are they keeping on top of security updates? Are they making sure their API framework is keeping up with the latest standards? If this happens again.

4) This incident illustrates why people recognize goodwill as a business asset. Part of what makes this situation problematic for Roll20 is the bridges they burned in the hobby due to their professional conduct. One of the things needed to resolve a situation like this is establishing trust that you are doing the things to avoid a repeat. It is hard to do that when your goodwill with your customer base is at its low point or is dropping.