Battle.Net Hack Results In, Yep, A Class-Action Lawsuit Against Blizzard

Battle.Net Hack Results In, Yep, A Class-Action Lawsuit Against Blizzard

A US law firm specialising in consumer protection cases slapped Blizzard, the makers of World of Warcraft, StarCraft and Diablo III, with a class action lawsuit over its sale of two-factor account authenticators, a claim the company says is without merit.

Yes, you can get a completely free Battle.Net account authenticator through the use of a smartphone app, which Blizzard makes available for iOS, Android and Windows Phone. If you don’t have a smartphone, you can purchase a keychain authenticator for $US6.50. If you don’t have a smartphone and don’t want to pay money, you better use a unique password. Battle.Net was hacked back in August, exposing the email addresses of those on Blizzard’s North American servers.

All of this equates to “negligent and deceptive practices related to [Blizzard’s] customers’ account security,” according to Carney Williams Bates Pulliam & Bowman, PLLC, the firm litigating Benjamin Bell et al vs Blizzard Entertainment Inc. Kotaku was sent a copy of a news release about the lawsuit yesterday.

The claim draws on the August 9 breach of Blizzard’s servers to argue that, in order to truly secure their information, Blizzard customers must take extra steps, and the sale of authenticators — even if a free alternative is available — constitutes “deceptive upselling”. The suit also is none too happy with “Blizzard’s negligence in maintaining proper security protocols”.

Pardon me, but this sounds like a bit of an overreach. For starters, there is a free option for two-factor authentication. And yes, ownership of a smartphone is not some mandatory citizenship requirement, but a lot of people have one. A lot of people also use Google Mail and Facebook, which also offer two-factor authenticator apps, as an optional security enhancement, which is exactly what Blizzard calls this extra step. That said, Blizzard has required that anyone selling items in Diablo III‘s real-money auction house must use an account authenticator. Again, there’s a free option available.

Whatever, smarter legal minds than mine brought this suit and will fight it out. Blizzard, in a statement to Forbes, vowed to fight the suit. “This claim is also completely untrue, and apparently based on a misunderstanding of the Authenticator’s purpose,” it said. “The Authenticator is an optional tool that players can use to further protect their accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure.”


    • How many times has someone attempted to hack your account? Unless you know that you can’t make any claims as to how effective it is.

      Reminds me of that tiger proof rock skit in the Simpsons bear patrol episode.

      • I dunno, Im not stupid enough not to use it 😉 By using all available methods of security for my account I ensure its got more safety than normal accounts. Not even comparable to the tiger skit dude. Sorry.

        • You have been sold a device, that by the claims of the seller will ensure your account does not get hacked. And you say it works amazingly well but have no idea whether anyone has even attempted to hack your account or not?

          I don’t see any tigers around, do you?

          • I havent been sold anything, I downloaded the app on my phone which was free 🙂 Nice assumption. Btw, theres a reason a lot of companies use things like this, it gives an added layer of security. I guess you’re ok with just a minor password, just one level for someone to get through before they nick your stuff 🙂 Have fun with that!

            Oh and yeah I do, I live near the goldcoast where there’s Tiger Island.

          • Well I’m still not seeing evidence that someone has attempted to hack your account but was thwarted by the authenticator, I’m not saying it can’t but you can’t claim amazement at its functioning when you don’t know whether anyone even has tried.

            As for the game I got to level 10 in two different classes before I got the game refunded, game was rubbish.

          • Thats what this is about dopefishhh, not the authenticator. You just dont like Blizzard products. See the post I just made below. Transparent as hell.

          • Oh and, its better to put into action methods to avoid stuff like that happening rather than pissing and whining after the fact.

          • I completely agree, security is all about preparation. The authenticator itself should theoretically work provided there’s no flaws in its implementation and blizzard don’t get hacked themselves.

            The physical authenticator would be a lot more secure. Any number of disasters can befall your phone, good luck logging in when you left your phone in the back of a taxi.

          • I don’t do that. Plus my phone is locked with a ten digit password, letters and numbers, good luck cracking that before I can replace all my details and replace the authenticator. Listen I get you’re trying to ‘win’, I could give a toss. But the fact is the authenticator is a good idea and your hamfisted attempt to disprove it and hate on Blizzard for it (one of their few genuinely good ideas), is misguided and really *really* transparent.

    • When I tried to order one online the order process kept locking up and looping on itself. So I sent a help request to Blizzard.
      A few days later the authenticator arrived on my door step. They sent me one for free.

  • This seems a bit harsh. I wont dispute any of the stuff about their security but offering smart phone and physical authenticators should be encouraged. It’s a pain if you ever lose your phone but overall it’s a great system. The first thing I do with a new MMO is look for an authenticator. With smartphones being so readily available I’d be chasing those who don’t offer app based authenticators.
    I’d feel a lot safer with the PSN and XBOX Live if they’d give me an authenticator. On the subject, why the hell doesn’t my bank offer it?

    • Probably because they haven’t worked out a way to charge people for each time they use it to get an authenticator code.

    • A great number of banks do these days, they offer them from Free to about $15 depending on which bank. Most of them have it, but wont market or mention it to you unless you specifically ask about it. I’ve got one for Commbank and Teachers Mutual Bank 😉 Also its worth googling YubiKey for two factor auth also.

  • tl;dr, people mad that their account got hacked and trying to find excuses for not obtaining an authenticator. It’s obvious why accounts get hacked in Blizzard games more than any others, it’s because it’s almost more profitable and legally safer to hack their accounts than it is to hack people’s bank accounts.

  • I was hacked once, and when I was on the phone to Blizz customer support, they asked if I wanted to buy one, I said no of course. She then proceeded to say, “Ah screw it we’ll just give you one”.

    So yeah.. Heaps evil corporation!

  • This is just petty, because blizzard offers a free alternative to account security. That, honestly most.people will probably have access, so how is that neglect?

  • this is just plain stupid… there is an option to make it secure and its free (with in the reasons) thats a lot more thn other companies do

  • I used the authenticator for years, got lazy and removed it (this was before they created the affinity with your IP). Then I got hacked, put the authenticator back on.

    There are countries whose entire livelihood is hacking MMOs, I think there is a bit of buyer beware here.

    However – blizzard have always taken care of their security well. It’s tempting to say – we must teach them a lesson to keep things secure, however blizzard isn’t the right target – i think they do invest heavily in security.

  • This is a joke, no matter how smart Blizzard think their IT is there is a world of hackers out there that will buy and sell them in skills. It’s not their fault, someone will always find a loop hole. Stupid US law suits just trying to cash in and kick them while they’re down.

  • Should be secured properly by blizzard. Talk about blaming your customers for your own incompetence. Oh we got hacked – your fault pay us.

Show more comments

Log in to comment on this story!