A class action lawsuit claims that Blizzard is making millions from customers because it's not properly securing sensitive personal information.
Courthouse News reports that Blizzard Entertainment and parent company Acitivsion Blizzard are facing a class action lawsuit that claims the Diablo 3 developer makes millions by "deceptively and unfairly" charging customers for an after-sale security product.
Lead plaintiff Benjamin Bell, one of two listed in the filing, is seeking class damages for consumer fraud, unjust enrichment, negligence, breach of contract and bailment. The class action lawsuit is represented by Hank Bates with Carney Williams Bates Pulliam & Bowman, of Little Rock, Arkansas.
The lawsuit claims that Blizzard has been the subject of repeated security breaches including the Battle.net hack in August and those experienced in May. Instead of securing personal information on its servers, Blizzard is reportedly forcing customers to purchase an authenticator "in order to have even minimal protection for their sensitive personal, private, and financial data."
The lawsuit specifically names the Diablo and StarCraft franchises as two products that are affected by Blizzard's lack of proper security.
"Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website. As a result of these acts, the private information of plaintiffs and class members has been compromised and/or stolen since at least 2007," the complaint states.
"Most recently, on or about May 19, 2012, reports proliferated that class members’ Battle.net accounts had suffered a security breach (‘hack’) at the hands of unknown parties (‘hackers’), and on or about August 4, 2012, hackers massively breached Battle.net’s security and acquired the private information of all of defendants’ customers in the United States, as well as the remainder of North America, Latin America, Australia, New Zealand, and Southeast Asia," the complaint adds.
The lawsuit states that Activision Blizzard has earned $26 million USD from selling the $6.40 physical Authenticator product. It also alleges that Blizzard forces users to create an online account, and is leaving it up to those customers to tighten security on their devices rather than tighten security on Blizzard's end. Even more, the suit accuses Blizzard of failing to take the legally required steps to alert customers about the May 19 hacking incident.
Bell is asking the court to not only reward class damages, but seeks an injunction to bar the defendants from adding undisclosed costs after the initial software purchase. Bell is also asking the court to ban the requirement for establishing Battle.net accounts.
Note: Blizzard customers can download a free Authenticator app for Android and iOS devices. The lawsuit is addressing the various physical keychain versions that are available on Blizzard's store here.