Blizzard Sued over Battle.net Authentication

[Asrokhel]

LOS ANGELES (CN) - Publishers of "World of Warcraft" and other blockbuster video games make millions by "deceptively and unfairly" charging customers for an after-sale security product to protect their private information from hackers, a class action claims in Federal Court.

Lead plaintiff Benjamin Bell sued Blizzard Entertainment, of Irvine, and its corporate parent, Santa Monica-based Activision Blizzard.

Bell seeks class damages for consumer fraud, unjust enrichment, negligence, breach of contract and bailment. He claims that the same security problem, and after-market fix, occurs in defendants' games "Starcraft" and "Diablo."

Bell claims that game players have to pay $6.40 for a product called the Authenticator to protect their private information from hackers.

Sales of Authenticators, which come as a physical product or download, have brought in $26 million, according to the complaint.

Bell claims that Activision and Blizzard require gamers to use online accounts at the Battle.net website, which collects and stores customers' private information.

Blizzard puts the onus on gamers to buy additional products or tighten security on their devices, rather than making customer accounts more secure, Bell claims.

"Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website. As a result of these acts, the private information of plaintiffs and class members has been compromised and/or stolen since at least 2007," according to the 33-page complaint.

"Most recently, on or about May 19, 2012, reports proliferated that class members' Battle.net accounts had suffered a security breach ('hack') at the hands of unknown parties ('hackers'), and on or about August 4, 2012, hackers massively breached Battle.net's security and acquired the private information of all of defendants' customers in the United States, as well as the remainder of North America, Latin America, Australia, New Zealand, and Southeast Asia."

Though account details for millions of gamers were compromised or stolen, Bell says, neither Activision nor Blizzard took "the legally required steps to alert" gamers.

Bell seeks class damages and an injunction to bar the defendants from "tacking on" undisclosed costs after customers have bought games, and from requiring them to sign up for Battle.net accounts.

The class is represented by Hank Bates with Carney Williams Bates Pulliam & Bowman, of Little Rock, Ark.

Activision Blizzard did not immediately respond to an emailed request for comment.

http://www.courthousenews.com/2012/11/08/52109.htm

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Lawsuit alleges Blizzard "deceptively and unfairly" charged players to secure their data.

Blizzard is being sued over the Battle.net authentication used in multiple games including Diablo III. A class action suit led by plaintiff Benjamin Bell is seeking damages for "consumer fraud, unjust enrichment, negligence, breach of contract and bailment," claiming that Blizzard is "deceptively and unfairly" charging some users to secure their data from hackers.

Bell is specifically referring to Blizzard?s $6.50 keychain authenticators, alleging that Blizzard has made $26 million by selling them. The suit accuses Blizzard of unfairly requiring users to use Battle.net and says the company has continued to ?negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website.? Bell points to multiple hacking incidents -- including May?s Diablo III hacks -- as evidence that Blizzard failed to take "the legally required steps to alert" players.

Bell is seeking damages and an injunction to bar Blizzard from ?tacking on? costs after games have already been purchased. He also seeks to stop Blizzard from requiring players to sign up for a Battle.net account.

We reached out to Blizzard about the suit and a spokesperson sent IGN the following statement:

"This suit is without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels.

We want to reiterate that we take the security of our players? data very seriously, and we?re fully committed to defending our network infrastructure. We also recognize that the cyber-threat landscape is always evolving, and we?re constantly working to track the latest developments and make improvements to our defenses.

The suit?s claim that we didn?t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed. You can read our letter to players and a comprehensive FAQ related to the situation on our website.

The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player?s Battle.net account information that?s stored on Blizzard?s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator?s purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard?s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.

When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player?s login credentials. This helps our systems identify when it?s actually the player who is logging in and not someone who might have stolen the player?s credentials by means of one of the external theft measures mentioned above, or as a result of the player using the same account name and password on another website or service that was compromised. Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.

Many players have voiced strong approval for our security-related efforts. Blizzard deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit."

http://ca.ign.com/articles/2012/11/10/blizzard-sued-over-battlenet-authentication

[CactuzJak]

Dumb. #1 It's optional and not mandatory. #2 It's a free app on smart phones. #3 You're not actually paying for a physical authenticator if you get one you're paying for the shipping. #4 Dumb.

[Rippleman]

some people just don't get it.... Its a device to help the end user keep their password safe from forces OUTSIDE blizzards control.

side note: been playing for 6 years WITHOUT an authenticator and not once had my password compromised. For those without malwarebytes pro, yes, use an authenticator! ;)

[Krome]

lol @ reason #4

[HawkMan]

some people just don't get it.... Its a device to help the end user keep their password safe from forces OUTSIDE blizzards control.

side note: been playing for 6 years WITHOUT an authenticator and not once had my password compromised. For those without malwarebytes pro, yes, use an authenticator! ;)

If you use more than one PC and/or move your laptop between two or more locations you pretty much need an authenticator or Blizzard will close your account for suspicious behavior or possibly having been hacked. Happened to both me and my GF several times now before we just added the authenticator to our smart phones, which is annoying since we both have secure passwords and this adds another annoying step to logon, granted you only need to really do it once per computer but still.

And you don't need malwarebytes to be secure, you just need common sense,

[+ir0nw0lf Subscriber²]

If you use more than one PC and/or move your laptop between two or more locations you pretty much need an authenticator or Blizzard will close your account for suspicious behavior or possibly having been hacked.

Rubbish. Might happen to a small portion of people. I have D3 and/or SC2 and/or WoW on one machine at home, one at work for years, no issues at all, no software/hardware authenticators ever.

[Rippleman]

If you use more than one PC and/or move your laptop between two or more locations you pretty much need an authenticator or Blizzard will close your account for suspicious behavior or possibly having been hacked. Happened to both me and my GF several times now before we just added the authenticator to our smart phones, which is annoying since we both have secure passwords and this adds another annoying step to logon, granted you only need to really do it once per computer but still.

And you don't need malwarebytes to be secure, you just need common sense,

common sense comes in many many forms, some of which not everyone has, including you, and including me. I have 3 machines that i play wow on, not including my sons laptop so that makes 4. No log in issues.Maybe you are doing it wrong.

[Jub]

This just took the prize as most ridiculous lawsuit ever.

[Alwaysonacoffebreak]

Since when does Battle.net actually force you to use it? Oh wait...it doesn't. Been playing SC2 on 3 different PC's and no problems what so ever.

[HawkMan]

common sense comes in many many forms, some of which not everyone has, including you, and including me. I have 3 machines that i play wow on, not including my sons laptop so that makes 4. No log in issues.Maybe you are doing it wrong.

Nope, Blizzard even said it was because we moved our laptops and used multiple computers.

[Xoligy]

Sorry

common sense comes in many many forms, some of which not everyone has, including you, and including me. I have 3 machines that i play wow on, not including my sons laptop so that makes 4. No log in issues.Maybe you are doing it wrong.

If your using the same IP with the laptops you should not have any issues its when you change ips like myself because i use a VPN service. I have contacted blizzard twice about being locked out and the annoyance its caused me at having to change passwords for them to send two copy and pasted emails saying the same crap that its there for my added security to protect me against hackers and even then its taken five days per email to be responded too (probably because others are complaining).

As for the optional authenticator its overpriced and 9/10 cases just gathers dust its a waste of money and could be sent for users at a lower price.

"Free" smart phone app, another pointless thing that would just take up space on a phone that i dont use in fact right now it been off for a month and is sat on the table i see it as bloatware because i would never use it.

All in all i think blizzards "added" security is crap and a nuisance to those that use a vpn service as there is no way to add extra ips or to even turn it off if we wished to do so. Anyway im off for a full english.

[seta-san]

if blizzard sells them for free and only charges shipping couldn't blizzard save a ton of money and time by shipping them en-masse to walmarts/target/etc to distribute for free to people who buy blizzard games?

[Asrokhel]

Since when does Battle.net actually force you to use it? Oh wait...it doesn't.

Diablo III comes to mind!

[HawkMan]

Diablo III comes to mind!

While I haven't played for a while since the game was boring after I finished it once. I was never forced to use a authenticator. I added mine after I stopped playing.

[+DKAngel Subscriber²]

i was forced to use one by blizzard after my account was comprimised or they wouldnt reinstate my account, and hell it was thier fault my account was comprimised not mine

[ahhell]

It's almost a given that if you DON'T use an authenticator, your account WILL be compromised.

Blizzard is basically forcing their customers to pay because Blizzard's security is abysmal.

[HawkMan]

It's almost a given that if you DON'T use an authenticator, your account WILL be compromised.

Blizzard is basically forcing their customers to pay because Blizzard's security is abysmal.

umm no, that's BS. use a good password and you won't get hacked. neither me nor my girlfriend ever got hacked before we added our athenticators this summer.

[Skyfrog]

It's almost a given that if you DON'T use an authenticator, your account WILL be compromised.

Blizzard is basically forcing their customers to pay because Blizzard's security is abysmal.

Nonsense, I played for six years and was never hacked. Use a proper password and some common sense. Certainly having an authenticator is a good idea, it's one more layer of security but saying you WILL get hacked without one is absurd. That said this lawsuit is ridiculous and should be thrown out.

[Elliott]

it was thier fault my account was comprimised not mine

I'd love to hear your reasoning because I'm pretty sure it's a load of ****.

[123456789A]

if blizzard sells them for free and only charges shipping couldn't blizzard save a ton of money and time by shipping them en-masse to walmarts/target/etc to distribute for free to people who buy blizzard games?

No, because then people will complain that Blizzard didn't provide them with free transportation to pick them up from Walmart.

[Rippleman]

i was forced to use one by blizzard after my account was comprimised or they wouldnt reinstate my account, and hell it was thier fault my account was comprimised not mine

someone stealing your password because of your actions is their fault?

[_neutrino Veteran]

this suit is really stupid. they are claiming that they force people to buy something to guarantee security when they don't need to buy anything there are several free options and it is OPTIONAL additional security not mandatory. they are not suing saying that the servers not insecure they are suing about making money from the authenticators.

[benthebear]

umm no, that's BS. use a good password and you won't get hacked. neither me nor my girlfriend ever got hacked before we added our athenticators this summer.

Nonsense, I played for six years and was never hacked. Use a proper password and some common sense. Certainly having an authenticator is a good idea, it's one more layer of security but saying you WILL get hacked without one is absurd. That said this lawsuit is ridiculous and should be thrown out.

Why pick a good password when you can pick a very strong and excellent one? Well, even if you do there's still a chance that your account can become compromised. Also, just because it hasn't happened to you in x amount of years doesn't mean that it can't happen to someone else in x amount of hours.

Case in point, I stopped playing WoW in December of 2010. In November of 2011, some Chinese farmer started running around on my toon. He was able to level my character to 85 and get a few achievements done before getting my account locked. So, my question was, how did someone just guess my password that contained a bunch of random upper and lower case letters, numbers, and symbols? It was a fairly new password that I only used for Battle.net. I did a deep system scan of OS X, and nothing turned up (note: nothing turned up in the years that I did scans.), and I make it a point to stay 100 miles away from UI addons, gold buying services, using the password for another service, or anything else under the Sun that could compromise one's account.

tl;dr, my **** is pretty locked down, but my account was still compromised.

Just two weeks ago, someone maliciously got into my Google account. However they managed to do it, (the password was even more random, longer, and stronger than my battle.net one) Google flagged it immediately and blocked them from accessing it, so now I use the two step verification.

I'm sorry, but the days of using just a good password and some common sense are long over. I don't even think that there were ever days doing only so was acceptable. Just because it hasn't happened to you yet doesn't mean that you're smart. It just means that you're lucky.

[HawkMan]

they don't need access to your computer to hack your WoW account, they could have hacked your gmail which you just said got hacked, they can do a man in the middle attack. they could have tricked you with one of the better versions of those scam emails they send out. there's any numbers of ways to do it and most of them is your fault not Blizzards.

Also I replied to a post that said, and I quote

It's almost a given that if you DON'T use an authenticator, your account WILL be compromised.

And lets face it, the majority of players don't get "hacked".

[Xilo]

It's almost a given that if you DON'T use an authenticator, your account WILL be compromised.

Blizzard is basically forcing their customers to pay because Blizzard's security is abysmal.

This is pretty true. I had a secure password and stopped playing. About half a year later my account was hacked.