“Consumer protection attorneys with the law firm Carney Williams Bates Pulliam & Bowman, PLLC filed a class action lawsuit against video game developer Blizzard Entertainment, Inc. and its parent company, Activision Blizzard, Inc., on behalf of millions of American customers who have been harmed by Blizzard’s negligent and deceptive practices related to its customers’ account security.”
The suit alleges that Blizzard fails to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing. Essentially, what it boils down to, is that Blizzard are being sued for not telling people at the time of purchasing one of their games that they’ll need a battle.net account to play them, and that, in order to keep that battle.net account secure, they ought to have an authenticator.This is referred to as “deceptive upselling” despite the fact that anyone with a smartphone has access to authenticators for free. The suit goes on to add that “Blizzard’s negligence in maintaining proper security protocols compromised millions of customers’ email addresses, passwords, answers to personal security questions, and other items of sensitive information.”
But that’s not the key grounds of the suit, from the press release sent to GAMEBREAKER by Carney Williams. To quote:
“The bottom line,” says Carney Williams’ representative, “is that Blizzard should not be passing the costs of basic account security on to consumers after selling them these games. They need to be honest if they’re going to saddle people with additional costs. They need to be up front about the level of protection they will provide to their customers, and they cannot be negligent in maintaining proper security protocols.”
NielsenWire, technology analyst group, assert that 50.4% of US residents use smartphones. The percentage is as high as 80% in people aged between 18 and 34, arguably the majority of Blizzard’s customer base for its games, and to whom it provides the completely free-of-charge battle.net authenticator, downloadable onto any smartphone. The suit further claims that these Smartphone authenticators were rendered useless by the security breach in August, but this doesn’t seem to be supported by any evidence.
The suit itself is filed principally by two plaintiffs, one of which is a Diablo III player whose complaint was that his account, which didn’t have an authenticator, was compromised, but Blizzard didn’t contact him directly in order to inform him of this compromise. The plaintiff asserts that, despite having a Diablo III subscription, he “does not use [Blizzard's] MMORPG products.” The second plainitiff plays Warcraft, Starcraft and Diablo, and has several authenticators. His account was among those breached in August, and also asserts that he was not personally informed of the breach.
GAMEBREAKER doesn’t pretend to be lawyers, but we certainly received notice via our battle.net registered email addresses as well as on the Blizzard website. Whether this is sufficient, we’re not sure!
What’s your take on this, though? Reasonable? The only thing I can get out of it that might be worth debating is whether authenticators should come free with games for those without smartphones. Because they’re already free for those with smartphones.
The latest news on this is that Blizzard has released a statement in response. To cut a long story short, the suit is without merit, and based on false allegations, and untrue or incorrect information. Blizzard’s team intend to fight this, and it seems like a lot of loyal fans will be on their side. See Blizzard’s full statement below:
This suit is without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels.
We want to reiterate that we take the security of our players’ data very seriously, and we’re fully committed to defending our network infrastructure. We also recognize that the cyber-threat landscape is always evolving, and we’re constantly working to track the latest developments and make improvements to our defenses.
The suit’s claim that we didn’t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed. You can read our letter to players and a comprehensive FAQ related to the situation on our website.
The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player’s Battle.net account information that’s stored on Blizzard’s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.
When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player’s login credentials. This helps our systems identify when it’s actually the player who is logging in and not someone who might have stolen the player’s credentials by means of one of the external theft measures mentioned above, or as a result of the player using the same account name and password on another website or service that was compromised. Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.
Many players have voiced strong approval for our security-related efforts. Blizzard deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit.