Roll20 said that on June 29 it had detected that a “bad actor” gained access to an account on the company’s administrative website for one hour.