A US law firm specialising in consumer protection cases slapped Blizzard, the makers of World of Warcraft, StarCraft and Diablo III, with a class action lawsuit over its sale of two-factor account authenticators, a claim the company says is without merit.
Yes, you can get a completely free Battle.Net account authenticator through the use of a smartphone app, which Blizzard makes available for iOS, Android and Windows Phone. If you don't have a smartphone, you can purchase a keychain authenticator for $US6.50. If you don't have a smartphone and don't want to pay money, you better use a unique password. Battle.Net was hacked back in August, exposing the email addresses of those on Blizzard's North American servers.
All of this equates to "negligent and deceptive practices related to [Blizzard's] customers' account security," according to Carney Williams Bates Pulliam & Bowman, PLLC, the firm litigating Benjamin Bell et al vs Blizzard Entertainment Inc. Kotaku was sent a copy of a news release about the lawsuit yesterday.
The claim draws on the August 9 breach of Blizzard's servers to argue that, in order to truly secure their information, Blizzard customers must take extra steps, and the sale of authenticators -- even if a free alternative is available -- constitutes "deceptive upselling". The suit also is none too happy with "Blizzard's negligence in maintaining proper security protocols".
Pardon me, but this sounds like a bit of an overreach. For starters, there is a free option for two-factor authentication. And yes, ownership of a smartphone is not some mandatory citizenship requirement, but a lot of people have one. A lot of people also use Google Mail and Facebook, which also offer two-factor authenticator apps, as an optional security enhancement, which is exactly what Blizzard calls this extra step. That said, Blizzard has required that anyone selling items in Diablo III's real-money auction house must use an account authenticator. Again, there's a free option available.
Whatever, smarter legal minds than mine brought this suit and will fight it out. Blizzard, in a statement to Forbes, vowed to fight the suit. "This claim is also completely untrue, and apparently based on a misunderstanding of the Authenticator's purpose," it said. "The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard's network infrastructure."