Blizzard Facing Lawsuit Over Forceful Authenticator Purchases
A class action lawsuit claims that Blizzard is making millions from customers because it's not properly securing sensitive personal information.
Courthouse News reports that Blizzard Entertainment and parent company Acitivsion Blizzard are facing a class action lawsuit that claims the Diablo 3 developer makes millions by "deceptively and unfairly" charging customers for an after-sale security product.
Lead plaintiff Benjamin Bell, one of two listed in the filing, is seeking class damages for consumer fraud, unjust enrichment, negligence, breach of contract and bailment. The class action lawsuit is represented by Hank Bates with Carney Williams Bates Pulliam & Bowman, of Little Rock, Arkansas.
The lawsuit claims that Blizzard has been the subject of repeated security breaches including the Battle.net hack in August and those experienced in May. Instead of securing personal information on its servers, Blizzard is reportedly forcing customers to purchase an authenticator "in order to have even minimal protection for their sensitive personal, private, and financial data."
The lawsuit specifically names the Diablo and StarCraft franchises as two products that are affected by Blizzard's lack of proper security.
"Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website. As a result of these acts, the private information of plaintiffs and class members has been compromised and/or stolen since at least 2007," the complaint states.
"Most recently, on or about May 19, 2012, reports proliferated that class members’ Battle.net accounts had suffered a security breach (‘hack’) at the hands of unknown parties (‘hackers’), and on or about August 4, 2012, hackers massively breached Battle.net’s security and acquired the private information of all of defendants’ customers in the United States, as well as the remainder of North America, Latin America, Australia, New Zealand, and Southeast Asia," the complaint adds.
The lawsuit states that Activision Blizzard has earned $26 million USD from selling the $6.40 physical Authenticator product. It also alleges that Blizzard forces users to create an online account, and is leaving it up to those customers to tighten security on their devices rather than tighten security on Blizzard's end. Even more, the suit accuses Blizzard of failing to take the legally required steps to alert customers about the May 19 hacking incident.
Bell is asking the court to not only reward class damages, but seeks an injunction to bar the defendants from adding undisclosed costs after the initial software purchase. Bell is also asking the court to ban the requirement for establishing Battle.net accounts.
Note: Blizzard customers can download a free Authenticator app for Android and iOS devices. The lawsuit is addressing the various physical keychain versions that are available on Blizzard's store here.

2) Blizzard loses money on each sale because they sell it AT COST and ship for free
3) Blizzard uses Vasco Digipass units, which at retail cost €12.99 (Blizzard most likely gets a big discount for their bulk purchases)
http://shop.vasco.com/
2) Blizzard loses money on each sale because they sell it AT COST and ship for free
3) Blizzard uses Vasco Digipass units, which at retail cost €12.99 (Blizzard most likely gets a big discount for their bulk purchases)
http://shop.vasco.com/
So bllue think before you accuse blindly.
Right in one. A customer should NOT be required to spend more money to beef up security that should have already been there in the damned first place.
I foresee Blizzard settling this case REAL quickly.
You really believe Activision Blizzard loses money on each sale of authenticators? LOL
And secondly... if they bundled them with the game... then everyone is paying for them... even people that don't need them. Since they can get a free one on any device they might have that supports it... so why pay for one you won't use.
And in the US they charge out the wazoo for data for smartphones. That is the reason I don't have one.
The app maybe free, but the data isn't free from your carrier.
I can confirm that Blizzard does use the Digipass GO 6 for their authenticators and so does EA/Bioware for SW:ToR. I have one of each since I used to play both games and they are currently just chilling on my desk collecting dust.
Both say on the back "Digipass ® GO 6" "Made in China" with a different serial number and their own different bar codes as well.
Considering it costs them money to deal with the huge number of accounts that are stolen on a daily basis, yes. They probably end up breaking even or come out ahead in the end due to being able to use fewer GM's to handle account restoration.
Except the hack in May, many accounts that had smartphone authenticators experienced hacks which at first Blizzard denied than later admitted was true. A software based authenticator is hackable, a dongle one can only be hacked through a Man in the Middle attack which has to do with a keylogger intercepting the input of the code and someone immediately trying to use it once they receive the logged in hopes that the code is still valid. Blizzard was very slow in responding to this and even mislead people to the size of the breach.
If Blizzard loses money on the physical dongle, how can they report a PROFIT of $26million? You do realize reporting a profit means they MADE money, not lost money.
Easy, THEY HAVENT. The $26 million figure comes from the fact that 40% of users have one. Given the fact that there are roughly 10 million WoW players that is how you arrive at the $26 million figure. 4 million x 6.50 = 26 mil
http://www.geekosystem.com/blizzard-26-million-security-authenticators/
Unless they figured out a way to buy the devices for free from vasco (which as I stated, charges €12.99 for one) and ship them for free... they did not make $26 mil. Hell, even with a staggering $2 profit on each sale, they would have to sell 13 million of them (or every WoW player and a VAST majority of D3 players). Which is not likely given the fact that we are told only 40% of WoW players have them!
To play devil's advocate, can you really say that blizzard is paying at cost, when the only information you have to go off is the shelf price of the unit in question? Just because bacon is 3$ a pound a the store, does not mean that McDonalds pays that much to place it on it's burger, and then sell it to you.
I already addressed that with this statement: "Blizzard most likely gets a big discount for their bulk purchases" inside of that very quote
Then we should sue every free-to-play game in existence because our internet connection isn't actually free, and therefore they are adding additional costs without our knowledge or consent.
You realize that's a ridiculous argument right?
It might be vaguely justifiable if Blizzard was an IP, but they aren't. You should be well aware that you downloading something will incur download costs, regardless if the data being downloaded cost anything initially.
And whats to stop you connecting to a WiFi (Which is free at any McDonald's) and downloading the app through that?