Blizzard Sued over Battle.net Authentication

[HawkMan]

This is pretty true. I had a secure password and stopped playing. About half a year later my account was hacked.

Was it actually hacked or did you get a mail saying it had been hacked.

[LaP]

Dumb. #1 It's optional and not mandatory.

It is mandatory. Blizzard security is not first class. In fact this is probably one of the less secure online service around.

I got my battle.net account hacked even if i was using a perfectly secure password 10 random digits (numbers and letters with a cap and a special) that was unique. I did not have any keyloggers on my system and did not fall for any scam or phishing. All the addons was clean addons millions of people use like dbm and i downloaded them using my 2nd PC. Never bought money i farm my own things. The PC was clean as it is also my work PC and i never use it to browse sites that are not offcial or forums (like neowin) or to check hotmail or gmail. This is my work PC and it is used to work only (check my work emails, browse msdn and such) and also play games since it is a good machine. I use my 2nd less powerful PC to browse the web and do not so much secure things. I'm 100% sure the breach came from Blizzard side.

I never got hacked ever. Not before not after. Hotmail never hacked. Gmail never hacked. Guild Wars 1 and 2 never hacked. Live never hacked. I think most people using battle.net without an auth got hacked at least once.

I will honestly not shed a tear for Activision Blizzard after faction change. They got greedy and i would call this karma. Well deserved class action lawsuit.

[Lord Method Man]

i was forced to use one by blizzard after my account was comprimised or they wouldnt reinstate my account, and hell it was thier fault my account was comprimised not mine

I can't wait to hear your explanation as to how its Blizzard's fault your account was compromised.

[HawkMan]

I never got hacked ever. Not before not after. Hotmail never hacked. Gmail never hacked. Guild Wars 1 and 2 never hacked. Live never hacked. I think most people using battle.net without an auth got hacked at least once.

Yeah, not even close.

[shakey]

Since Blizzard doesn't even make passwords case sensitive, it opens everyone's accounts up to being hacked rather easily. Doesn't take long for people to brute force a password, especially when you don't have to do capital letters anywhere.

Blizzard has posted time and time agian, if you don't have an Authenticator, you are compromising your account. That if you do get hacked, it will be harder to get anything back because you "Didn't take ALL the avenues to secure it."

Due to blizzard basically saying in the past that an Authenticator is needed to keep your account secure, they have opened themselves up for this.

Doesn't matter what you think, because the law doesn't work that way. There is merit to this suit, although in reality, it is stupid.

[HawkMan]

capitals doesn't necessarily make your password safer.

[Xilo]

Was it actually hacked or did you get a mail saying it had been hacked.

It was hacked. I have 2 WoW accounts. One had gotten banned for botting/gold selling.

[shakey]

capitals doesn't necessarily make your password safer.

Sure it does. It adds an extra layer of protection. You could have horseapplestaplebattery, or you could have HorseaPPlestaPLEbatterY, which would make it even more complex. It doesn't make sense to leave an option out that only helps strengthen something.

[Zinomian]

Not sure the lawsuit makes sense, unless the guy wants restitution for the $4 or so it costs to get the authenticator. For those almighty people here saying that the hacking is "Your fault!" not Blizzards, you may want to research the issue and see how many people with and without authenticators have been hacked. I myself was hacked, and had a very very good password for the account as well as an authenticator; now, before you say "well, it had to be your computer!", i give you some info about my pc and me. I am an IT manager who has worked for companies such as Symantec IT internal department, MessageLabs IT internal department and now a private Chemical plant, again internal IT deparment....so with all that in mind, i have made sure that my PC IS as secure and clean as possible, not only for a stupid game, but also to make sure information on my pc is not compromised.

I also ran wow clean, without addons etc, and any updates were all downloaded using the client....so when my account got hacked, i made sure to do before calling blizzard a full forensic analysis of my machine, including firewall logs, av scans, spyware scans, etc, etc, etc......what i found was that my computer was clean, and my account was hacked either directly from Blizzard or my isp had some issues with man in the middle attacks, and blizzards traffic encryption had or has been compromised (do not know which).

So, going back to the suit.....smart? maybe, depends what the person wants, if he wants restitution for the authenticator then sure, have blizzard refund his $4 or so...anything else is a joke, although having blizzard change some of their warnings or making them give out warnings when something does happen like getting hacked would be nice.

[dead.cell]

While many times it's the user's fault for being hacked, there are times when they truly did nothing wrong.

I have 2 WoW accounts for example, both with strong unique passwords not used anywhere else. My main one has an authenticator on it, and was never hacked. My old one however, despite not being in use anymore, didn't have an authenticator. 2 years of having not logged into that account, I receive an email that the account has been suspended. Not exactly sure what the hell they did to break into the account, as my password was strong, unique, and hadn't even been used for 2 years...

Same thing happened to a friend of mine with his Guild Wars account.

So yeah, I'm quite under the belief that if you don't have an authenticator, you will likely be hacked eventually. Doesn't matter if hasn't happened thus far, it's still possible, even if your account isn't in use.

---

Anyway, I'm definitely no fan of Blizzard these days. Still, I think this case is just straight baloney. :sleep2:

[Lord Method Man]

While many times it's the user's fault for being hacked, there are times when they truly did nothing wrong.

I have 2 WoW accounts for example, both with strong unique passwords not used anywhere else. My main one has an authenticator on it, and was never hacked. My old one however, despite not being in use anymore, didn't have an authenticator. 2 years of having not logged into that account, I receive an email that the account has been suspended. Not exactly sure what the hell they did to break into the account, as my password was strong, unique, and hadn't even been used for 2 years...

Same thing happened to a friend of mine with his Guild Wars account.

So yeah, I'm quite under the belief that if you don't have an authenticator, you will likely be hacked eventually. Doesn't matter if hasn't happened thus far, it's still possible, even if your account isn't in use.

---

Anyway, I'm definitely no fan of Blizzard these days. Still, I think this case is just straight baloney. :sleep2:

Are you sure those weren't phishing emails like the ones every gets regardless of if they even play the game?

[dead.cell]

Are you sure those weren't phishing emails like the ones every gets regardless of if they even play the game?

No, but I do get those as well. I never open them, and they're properly placed in the spam section of Gmail. I worked with Blizzard to have the account restored, simply for the fact that it was my account and I didn't want anyone using it for whatever malicious purposes. Also slapped the iOS authenticator on it for (free) added safety.

[HawkMan]

Sure it does. It adds an extra layer of protection. You could have horseapplestaplebattery, or you could have HorseaPPlestaPLEbatterY, which would make it even more complex. It doesn't make sense to leave an option out that only helps strengthen something.

But it only makes it more complex to remember.

[Xilo]

Are you sure those weren't phishing emails like the ones every gets regardless of if they even play the game?

I know in my case it wasn't. I know which ones are real/fake but even then, for ANY link dealing with accounts, I always check to see if the link is actually valid. I've never had anything hacked before.

This is pretty common with WoW. Lots of people I've known that practice good computer security stopped playing WoW and then had their accounts hacked (they didn't have authenticators). Authenticators are pretty much a requirement now or you're guaranteed to get hacked...

[shakey]

But it only makes it more complex to remember.

Not by much. And the added security can only help.

[HawkMan]

Not by much. And the added security can only help.

Not really, there's a level where security peaks and there's not really a point in adding further security anyway, and it does make it significantly harder to remember when random stuff in the password is upper cased.

Personally my password isn't technically nearly as complex as the base password there. but in reality it's more secure and shorter and doesn't rely on any special cases, and I don't get hacked.