All of its users had their info stolen and sold on the dark web. What is it with SJWs and having their consumers' info breached?
[video=youtube;PwhNlxagb9Y]https://www.youtube.com/watch?v=PwhNlxagb9Y[/youtube]
Oh my god. I am so sorry to all who are affected. :(
I am sorta glad I am unaffected, but given the Equifax breach and bank breaches seemingly every other quarter, I know it's just a matter of time...
Most data breaches go under-reported, even if reported.
Last year, I was in a startup which looked into buying personal data. Totally legal sources - all hosted at a major hotel where you wandered around tables and they offered you their wares. But instead of peaches from local farmers, they were offering highly specialized lists. For $40, I could drill down into one person's life to a bizarre degree or get 200 emails of people who earn over $100k with arthritis below 65.
It's really crazy and the explosion of publicly available data is heavily attributed to mega-data dumps from the breaches because all these companies use armies of dark web sweeper bots to dredge for data.
I suggest everyone google their names and wander in several pages. If your name is too common, add your birth city or current city. You might be very unpleasantly surprised by what you find. And that's just the main web!
A couple of points
1) What the person in the video is reading from is a follow-up from the Roll20 breach from earlier this year. This letter doesn't add much new information. The main thing is that they confirmed their initial assessment of what was lost in the breach. As for the sale on the dark web, that is to be expected.
2) While it doesn't relieve Roll20 of the need to ensure these breaches don't occur in the future, they were following some good practices that lessen the impact of the breach. They didn't store the full credit card number, and they didn't store the plain text of the password.
3) Roll20 is not in the business of coding secure databases; they undoubtedly rely on a framework. The test for them is not whether they are decent at programming a secure database but rather whether they are good database administrators. Are they keeping on top of security updates? Are they making sure their API framework is keeping up with the latest standards? If this happens again.
4) This incident illustrates why people recognize goodwill (https://en.wikipedia.org/wiki/Goodwill_(accounting)) as a business asset. Part of what makes this situation problematic for Roll20 is the bridges they burned in the hobby due to their professional conduct. One of the things needed to resolve a situation like this is establishing trust that you are doing the things to avoid a repeat. It is hard to do that when your goodwill with your customer base is at its low point or is dropping.