A notorious hacker has reportedly struck again, this time targetting virtual tabletop site Roll20. The hacker claims that they have taken up to four million records from the site and has every intention of selling the data as soon as possible.
According to Geek Native, Roll20 has addressed the hacker's claims and confirmed the security breach. However, the site insists that the users' financial information has been accessed and that all passwords are strictly encrypted.
Steke K, Roll20's lead designer, spoke up about the reported hacking in a forum.
According to Steke, the site only maintains basic personal information about the users, which includes "users' name, email address, hashed password, last login IP and time of login, and the last 4 credit card digits." In addition to that, all billing information is handled by separate sites (Stripe and PayPal) and cannot be accessed by Roll20's own servers.
Steke also wanted to assure users that Roll20 will continue investigating the matter and keep everyone updated. "We know it's frustrating to not have all the facts, and we're working to uncover the full extent of this breach. We will be continuously updating our members with information as our investigation continues," he wrote.
The hacker is reportedly selling information in exchange for Bitcoins.
Related: The Crew for Star Wars Episode IX had to Use Old Cellphones on Set to Avoid Leaks