Blizzard Responds to Lawsuit Over Authenticators
Just as we thought: the recently-filed Authenticator-themed lawsuit against Blizzard is bogus.
On Monday Blizzard responded to a recent class action lawsuit filed against the World of Warcraft developer and its parent company, Activision Blizzard, which accuses both of forcing customers into purchasing added security. The suit alleges that Blizzard is being deceptive by not providing enough security on its end, thus forcing consumers into purchasing a physical "authenticator" device.
Naturally Blizzard said in its public statement that the entire lawsuit is without merit and based on "patently" false information. As we pointed out when the lawsuit was first revealed, Blizzard offers free apps for smartphones that can be used to authenticate the user's credentials when prompted – the physical $6.40 version is merely an optional accessory for those who can't/won't use the apps.
"We want to reiterate that we take the security of our players’ data very seriously, and we’re fully committed to defending our network infrastructure. We also recognize that the cyber-threat landscape is always evolving, and we’re constantly working to track the latest developments and make improvements to our defenses."
According to the lawsuit, Blizzard and parent company Activision "negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website. As a result of these acts, the private information of plaintiffs and class members has been compromised and/or stolen since at least 2007."
The lawsuit specifically points out two recent security instances which took place in May and then in August, both in 2012, which led to the theft of private information, and that Blizzard didn't properly alert customers about the latter incident. Blizzard naturally disputes this accusation.
"Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed," the company said. "You can read our letter to players and a comprehensive FAQ related to the situation on our website."
The suit also points out that Blizzard has accumulated around $26 million USD since the introduction of its $6.40 physical Authenticator product. Customers are also forced into creating an online account so that they can play Blizzard's products, thus requiring an added Authenticator because Blizzard is offering minimal protection on its end.
"This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose," Blizzard said. "The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."
For the record, Blizzard isn't the only company offering "authenticators" as an optional method of security. Google's two-step process requires users to add an additional code to their login that is texted to their smartphone. ArenaNet has an option allowing Guild Wars 2 users to confirm their login by way of an email each time they want to play.
To read Blizzard's entire response, GameInformer has a copy right here.
/lulz off
/lulz off
What is wrong with people.
That is what appears to be the case here, blame the developer for their own stupidity!
How hard is it to use logic
Oh Aunt Jennie is sick and this random company needs my credit card?! OK I'LL HELP! People who get hacked deserve to get hacked if they're dumb enough to fall for those types of scams.
Judging by the "logic" of your first statement, it must be pretty damn difficult to use. Thanks for the demonstration.
Right. That's what I do all day long. Go to Blizzard site to read comprehensive FAQs.
Even though they know my email, they didn't bother warning about breached security, nope.
Email is only for newsletters, you know.
So they had a problem.
They didn't bother admitting it in personal emails, even though it was VERY important.
Courtesy of SR-71 Blackbird, forum Moderator here at Tom's... One of the ONLY tech related pieces I have EVER read that is still as relevant today as it was when posted (6-24-2011).
I can't tell you how many people I've forwarded this to/read it to. I've been using Common Sense Internet Security for YEARS now, it's great. 100% free, hell you don't even need a computer to use it! It covers phone and mail scams too!
The link (if you don't trust me):
http://www.tomshardware.com/forum/242300-49-free-common-sense-internet-security-2011
Too many ambulance chasing lawyers, even Jesus had a warning for lawyers in the Bible. Tells me they were scumbags back then too.
explain yourself.
as for my comment... Blizzard claiming that there is a free alternative cannot count as a legitimate explanation BECAUSE the alternative has a prerequisite... namely ownership of a qualified device. Not everyone owns such devices, therefore the attempt to slime by with that explanation as an excuse falls flat on its face.
They'd be better off not proffering that excuse at all.
The "free" version is $699 (iPhone 5) + Free App Download?
Regardless the suit is a good thing... Activision is an unreasonable company and the only thing that makes them take action is answering to share holders.
Most people own a SMS capable device.
Any device that supports SMS will work. There are more to cell phones than the iPhone 5, however some may not know that.
Uh, the lawsuit isn't about the concept of 2-step authentication, it's about the money charged for the physical device. Those two examples are not relevant since (I presume) neither Google nor ArenaNet charge users for access to the extra account security those login methods provide.