Blizzard Sued For Trying To Make Accounts More Secure

from the oh-come-on dept

We've discussed in the past how the class action lawsuit system these days seems often to be more about a legal shakedown for lawyers, rather than anything really designed to help protect the public. The latest crazy lawsuit involves a class action lawsuit (pdf and embedded below) filed against Activision Blizzard... because the company is offering two-factor authentication. You see, Blizzard's Battle.net was hacked a few months back, leading to some email addresses being revealed. Also, like many other security minded places, Blizzard has been pushing two factor authentication to better secure your accounts. Blizzard's two-factor authentication can be downloaded for free on any iOS, Android or Windows Phone smartphone. If you don't happen to have any of those, but still want to use two-factor authentication, they will sell you a $6.50 fob. None of this seems out of the ordinary. Until you read the lawsuit, where these class action lawyers try to make it sound like some horrible scam.

Defendants' acts have not only harmed Plaintiffs and Class members by subjecting their Private Information to hackers, they have harmed Plaintiffs and Class members by devaluing their video games -- purchased from Defendants under certain assurances of security -- by adding elements of risk to each and every act of playing said games.

Moreover, rather than shouldering the burden of adopting sufficient security measures to prevent these repeated hacks and to protect the Private Information of their customers, Defendants instead have informed their customers, after the point of sale, that they must purchase additional security products in order to ensure the sanctity of their Private Information. These additional, post-purchase costs for security products -- which Defendants assert are the only measures that may be taken to ensure something even approximating account security when playing their video games -- were not disclosed to Plaintiffs and Class members prior to the purchase of Defendants' products.

Yeah, notice how they gloss over the fact that the system is free for anyone with a smartphone? And let's not even get into the fact that no system can be perfectly secure and, eventually, every system is going to get hacked. Just being hacked doesn't make you negligent. And, as we've seen, courts have time and time again refused to find any legal claims against sites that are hacked unless actual harm is shown to the users. The idea that providing two-factor authentication -- and charging the basic cost of the fob for the few folks who don't have a smartphone -- is some sort of sneaky business practice is just ridiculous.

Blizzard has hit back and slammed the lawsuit as being based on "patently false information."

The suit’s claim that we didn’t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed. You can read our letter to players and a comprehensive FAQ related to the situation on our website.

The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player’s Battle.net account information that’s stored on Blizzard’s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.

When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player’s login credentials. This helps our systems identify when it’s actually the player who is logging in and not someone who might have stolen the player’s credentials by means of one of the external theft measures mentioned above, or as a result of the player using the same account name and password on another website or service that was compromised. Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.

Many players have voiced strong approval for our security-related efforts. Blizzard deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit."

Hopefully the court understands just how ridiculous this case is and dumps it quickly.

Filed Under: battle.net, class action, security, two factor authentication
Companies: blizzard