On Monday Blizzard responded to a recent class action lawsuit filed against the World of Warcraft developer and its parent company, Activision Blizzard, which accuses both of forcing customers into purchasing added security. The suit alleges that Blizzard is being deceptive by not providing enough security on its end, thus forcing consumers into purchasing a physical "authenticator" device.
Naturally Blizzard said in its public statement that the entire lawsuit is without merit and based on "patently" false information. As we pointed out when the lawsuit was first revealed, Blizzard offers free apps for smartphones that can be used to authenticate the user's credentials when prompted – the physical $6.40 version is merely an optional accessory for those who can't/won't use the apps.
"We want to reiterate that we take the security of our players’ data very seriously, and we’re fully committed to defending our network infrastructure. We also recognize that the cyber-threat landscape is always evolving, and we’re constantly working to track the latest developments and make improvements to our defenses."
According to the lawsuit, Blizzard and parent company Activision "negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website. As a result of these acts, the private information of plaintiffs and class members has been compromised and/or stolen since at least 2007."
The lawsuit specifically points out two recent security instances which took place in May and then in August, both in 2012, which led to the theft of private information, and that Blizzard didn't properly alert customers about the latter incident. Blizzard naturally disputes this accusation.
"Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed," the company said. "You can read our letter to players and a comprehensive FAQ related to the situation on our website."
The suit also points out that Blizzard has accumulated around $26 million USD since the introduction of its $6.40 physical Authenticator product. Customers are also forced into creating an online account so that they can play Blizzard's products, thus requiring an added Authenticator because Blizzard is offering minimal protection on its end.
"This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose," Blizzard said. "The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."
For the record, Blizzard isn't the only company offering "authenticators" as an optional method of security. Google's two-step process requires users to add an additional code to their login that is texted to their smartphone. ArenaNet has an option allowing Guild Wars 2 users to confirm their login by way of an email each time they want to play.
To read Blizzard's entire response, GameInformer has a copy right here.