Gamasutra: The Art & Business of Making Games
Blizzard sued over lax security in Battle.net hacking
November 9, 2012 | By Eric Caoili




Blizzard Entertainment is facing a class action lawsuit for allegedly not doing enough to protect its customers' private information when hackers breached the security of its Battle.net service.

Last August, hackers managed to break into Battle.net -- which is used for the online features of popular Blizzard games like Diablo III and StarCraft II -- and steal user data including email addresses, personal security questions, and information related to the mobile/dial-in authenticators meant to offer more security to users on the service.

And now lead plaintiff Benjamin Bell is suing Blizzard and its parent company Activision Blizzard, seeking damages for consumer fraud, negligence, unjust enrichment, breach of contract, and bailment, according to a report from Courthouse News.

The suit takes particular issue with Blizzard "deceptively and unfairly" requiring players to purchase additional products to protect their accounts instead of making its service more secure. Bell claims that Blizzard has made $26 million from sales of its authenticators.

"Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website," reads the complaint, which was filed with the California Central District Court.

Bell also says that Blizzard did not take the legally required steps to alert players that their accounts were compromised. He is seeking class damages and an injunction to prevent Blizzard from requiring users to sign up for Battle.net accounts to play its games, and from requiring after-sale products to enhance customers' security.

Sony also suffered a high-profile security breach last year when hackers stole the private information for millions of PlayStation Network subscribers. Multiple class action suits have been brought against the company over its failure to protect users' data.

[UPDATE: Blizzard has responded to news of the lawsuit, stating that it notified players as quickly as it could about the breach. "Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed," it said.

Regarding Bell's suggestion that the additional products for making a player's account more secure are deceptive, the company stated, "This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator's purpose."

"Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do."]


Comments


Alex Boccia
I use an SMS authenticator for free...

Matt Robb
Wow, this lawsuit is nuts. First, the information the hackers accessed was simply the information used to access accounts. Nothing financial. Second, the level of security provided is industry standard. Third, the authenticators are optional and they provide free alternatives for those that own compatible devices. Fourth, Blizzard just makes online games anymore, so you need some kind of account to identify yourself.

*boggle*

Joe Wreschnig
"the level of security provided is industry standard."

This is a meaningless statement. Auto manufacturers said exactly the same thing about car safety to the allegations in Unsafe at Any Speed, for example.

If "industry standard" is crap - and I assure you for computer security it is - it's time to hold industry's feet to the fire.

Duong Nguyen
If companies are not held accountable they will not change, simple as that. When Blizzard is holding access to billions of dollars worth of user data and accounts access, they better take proper precautions.

Ian Uniacke
It depends on the practicable nature of higher security though. If by higher security you mean putting all the names in a lead box and dropping it to the bottom of the ocean then the courts will still see it as frivolous.

Tomas Majernik
My D3 account was hacked (of course nobody informed me) and then when I wanted to use RMAH I was told I need to buy an authenticator. As much as I like Blizzard, I agree with Mr. Bell here.

Matt Robb
Blizzard requiring you to use an authenticator (free on phones) before they'll start doing real financial transactions on your account after you had already been hacked? For shame!

Note when people say they've been hacked, it usually means someone got their password from somewhere else. I know a large number of accounts were compromised when Curse got hacked and people were using the same email/password for their Battle.net account.

William Johnson
@Matt Robb
My actual guess is that there are bots that are constantly spamming battle.net (probably through one of the clients to avoid CAPTCHA) trying to get access to everyone's information. And judging by the fact that they don't have a lockout feature for if you put in the wrong data, no case sensitivity in passwords, etc etc, it's only a matter of time before a bot finds you and cracks your password.

Blizzard's security is garbage.

Adam Bishop
There is a legitimately interesting question for courts or legislators to decide on here: how much protection, exactly, can service providers legitimately be expected to provide?

Michael Wenk
I'm gonna guess if the SOE lawsuit gets dismissed, that this one will as well.

Jonathan Murphy
Dear douchebag hackers. Please stop ruining our games and go back to taking down corrupt corporations who have far more money to steal.

-Sincerely, Gamers

William Johnson
So you're advocating them to attack Activision/Blizzard?

('cause they're corrupt. Just in case I was being too subtle)

Doug Poston
While this could have just been a "douchebag" script kiddie out for a thrill, or "hacktivists" out to stick it to "da man", it's most likely a "smash-and-grab" criminal.

It's the same type of person who steals a car stereo from a POS Civic parked on an under-lit street. They don't do it to make a statement, or because it's a challenge, they do it because it's easy money.

James Orevich
On a somewhat related topic, I've always had this question at the back of my mind.

In the Terms and Agreements, (legal stuff etc) for certain games and Xbox live (I assume this includes Diablo/Wow) the user is required to waive their right to participate in a class action lawsuit. If that's the case, how does a lawsuit like this happen?

Alternatively, I could be entirely mistaken. Any clarification would be greatly appreciated.

Ian Uniacke
You can't sign away certain rights, such as the right to a class action lawsuit. This clause would therefore be ignored by the courts. But even if it stops one ignorant person from joining a suit then it's probably worth them adding it.

Ian Uniacke
This sounds like some angry Diablo 3 hater just trying to make a point. Completely frivolous lawsuit.

