Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Blizzard Sued over lax B.Net Security; Profiting on Authenticators

BurntvetBurntvet Member RarePosts: 3,465

Looks like there was something to all those acct hacks...

And on another note:

What's the matter MMORPG.com, don't report "real news" or only when it is bad about a paid advertiser?

 

Full Story:

Gamesutra Link

 

Blizzard sued over lax security in Battle.net hacking

 

Blizzard Entertainment is facing a class action lawsuit for allegedly not doing enough to protect its customers' private information when hackers breached the security of its Battle.net service.

Last August, hackers managed to break into Battle.net -- which is used for the online features of popular Blizzard games like Diablo III and StarCraft II -- and steal user data including email addresses, personal security questions, and information related to the mobile/dial-in authenticators meant to offer more security to users on the service.

And now lead plaintiff Benjamin Bell is suing Blizzard and its parent company Activision Blizzard, seeking damages for consumer fraud, negligence, unjust enrichment, breach of contract, and bailment, according to a report from Courthouse News.

The suit takes particular issue with Blizzard "deceptively and unfairly" requiring players to purchase additional products to protect their accounts instead of making its service more secure. Bell claims that Blizzard has made $26 million from sales of its authenticators.

"Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website," reads the complaint, which was filed with the California Central District Court.

Bell also says that Blizzard did not take the legally required steps fo alert players that their accounts were compromised. He is seeking class damages and an injunction to prevent Blizzard from requiring users to sign up for Battle.net accounts to play its games, and from requiring after-sale products to enhance customers' security.


 

«1345678

Comments

  • erictlewiserictlewis Member UncommonPosts: 3,022

    Law suits are one thing. You got to win them first, and hope the other guy does not appeal.  

    The thing about these class actions is that the lawers make most of the money.  I been in a few of those as well.  The most I ever got was 14 bucks over one of them due to so many folks.  I am in a pending one against vonage, lol I bet I never see a dime after the lawers are done. 

     

  • PhryPhry Member LegendaryPosts: 11,004
    Sounds more like some dodgy lawyer type out to either  make a name for themselves or/and money, though how you managed to link Blizzard and Sony together in this, is just weird. More than likely the attempted lawsuit will fail anyway, its a bit like the google vs apple thing, its only newsworthy if its successful, so to speak, lawsuits are just an occupational hazard for large companies, especially with so many chancers around.image
  • ThomasN7ThomasN7 87.18.7.148Member CommonPosts: 6,690
    What bothers me about this is that Blizzard always seems to be in the middle of some controversy. Sometimes it just makes you wonder what really goes on.
    30
  • JorlJorl Member UncommonPosts: 257

    Well I'm not surprised tbh, there are a lot of secrets behind closed doors. Those who didn't like the battle.net had an idea this was going to happen, blizzard was losing its customers at the time it was some lame excuse to boost the profits for blizzard to install battle.net and sell these security keys. I have a feeling it was blizzard employees or someone outside who was hired to hack into its users accounts, wouldn't surprise me one bit not just because its blizzard but in general a lot of companies do this behind closed doors. 

  • BurntvetBurntvet Member RarePosts: 3,465
    Originally posted by Phry
    Sounds more like some dodgy lawyer type out to either  make a name for themselves or/and money, though how you managed to link Blizzard and Sony together in this, is just weird. More than likely the attempted lawsuit will fail anyway, its a bit like the google vs apple thing, its only newsworthy if its successful, so to speak, lawsuits are just an occupational hazard for large companies, especially with so many chancers around.image

    Well, one of the big ones for me is the whole thing with selling authenticators.

    If Bliz knew people needed to use an authenticator, they they knew that their network/acct security was not good enough. If they knew their security was not good enough, they should have fixed it. They can afford it.

    And they REALLY shouldn't have charged people for a separate product to make up for that shoddy system in place to protect people's personal data.

    They should have either incorporated the authenticator functionality into the main program, or given the authenticator away for free.

     

  • RoxtarrRoxtarr Member CommonPosts: 1,122
    Authenticators weren't created because of bad security on Blizzard's end.  They were created to protect gamers from themselves.

    If in 1982 we played with the current mentality, we would have burned down all the pac man games since the red ghost was clearly OP. Instead we just got better at the game.
    image

  • RednecksithRednecksith Member Posts: 1,238

    Great, another junk lawsuit. Just what any legal system needs these days, right?

    Sounds like a group of folks just have their panties in a bunch because they got phished, and are looking for someone else to blame rather than take responsibility for their own bad security practices.

    Sigh... that's the entitlement generation for you.

  • zipzapzipzap Member Posts: 123
    Originally posted by Roxtarr
    Authenticators weren't created because of bad security on Blizzard's end.  They were created to protect gamers from themselves.

    very true and the mobile version is also free...

  • kevjardskevjards Member UncommonPosts: 1,452
    Originally posted by Burntvet

    Looks like there was something to all those acct hacks...

    And on another note:

    What's the matter MMORPG.com, don't report "real news" or only when it is bad about a paid advertiser?

     

    Full Story:

    Gamesutra Link

     

    Blizzard sued over lax security in Battle.net hacking

     

    Blizzard Entertainment is facing a class action lawsuit for allegedly not doing enough to protect its customers' private information when hackers breached the security of its Battle.net service.

    Last August, hackers managed to break into Battle.net -- which is used for the online features of popular Blizzard games like Diablo III and StarCraft II -- and steal user data including email addresses, personal security questions, and information related to the mobile/dial-in authenticators meant to offer more security to users on the service.

    And now lead plaintiff Benjamin Bell is suing Blizzard and its parent company Activision Blizzard, seeking damages for consumer fraud, negligence, unjust enrichment, breach of contract, and bailment, according to a report from Courthouse News.

    The suit takes particular issue with Blizzard "deceptively and unfairly" requiring players to purchase additional products to protect their accounts instead of making its service more secure. Bell claims that Blizzard has made $26 million from sales of its authenticators.

    "Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website," reads the complaint, which was filed with the California Central District Court.

    Bell also says that Blizzard did not take the legally required steps fo alert players that their accounts were compromised. He is seeking class damages and an injunction to prevent Blizzard from requiring users to sign up for Battle.net accounts to play its games, and from requiring after-sale products to enhance customers' security.


     

    something tells me this will be settled out of court...kudos to the guy with the balls to do it though.

  • XiaokiXiaoki Member EpicPosts: 3,809

    The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court.

    The same is likely to happen here.


    The Authenticator it to try and "fix stupid". 9 times out of 10 when someone gets hacked it is because they went to a bad website. But people never want to admit they clicked on a shady link in an e-mail or went to a bad website.

  • KaeriganKaerigan Member Posts: 689
    Originally posted by Xiaoki

    The Authenticator it to try and "fix stupid". 9 times out of 10 when someone gets hacked it is because they went to a bad website. But people never want to admit they clicked on a shady link in an e-mail or went to a bad website.

    And then there are people like me. I've got separate passwords for my Battle.net account and the email it is tied to. My account got locked for "suspicious activity". I changed both passwords and even bought a new computer (not because of that incident, of course, it was just time to upgrade). Now my account is locked again. And NO, I have honestly not attempted logging on to any totallylegitbattlenetfreegold.com or something retarded like that. I haven't shared my passwords with ANYONE.

    This is the only one of my hundreds of accounts on various websites that has been compromised.

    It's not like I have any proof but sometimes I wonder what the fuck Blizzard is up to.

    <childish, provocative and highly speculative banner about your favorite game goes here>

  • PhryPhry Member LegendaryPosts: 11,004
    Originally posted by Burntvet
    Originally posted by Phry
    Sounds more like some dodgy lawyer type out to either  make a name for themselves or/and money, though how you managed to link Blizzard and Sony together in this, is just weird. More than likely the attempted lawsuit will fail anyway, its a bit like the google vs apple thing, its only newsworthy if its successful, so to speak, lawsuits are just an occupational hazard for large companies, especially with so many chancers around.image

    Well, one of the big ones for me is the whole thing with selling authenticators.

    If Bliz knew people needed to use an authenticator, they they knew that their network/acct security was not good enough. If they knew their security was not good enough, they should have fixed it. They can afford it.

    And they REALLY shouldn't have charged people for a separate product to make up for that shoddy system in place to protect people's personal data.

    They should have either incorporated the authenticator functionality into the main program, or given the authenticator away for free.

     

    And yet Blizzard arent the only company to have authenticators as an option, the reality is that they do add significant levels of security to any game,  or online service as you can get authenticators now for bank accounts etc. Blizzard even went so far as to make the mobile app authenticator virtually free, its only the physical tokens that are in any way, 'expensive' and tbh, at £6 its hardly that. no, this lawsuit will be thrown out, chances are if you look at the guy attempting this, is that he has a history of dodgy lawsuits initiated by him, and that the only thing he is about is money, personally i wouldnt give them the time of day, as you usually find the same types are also into 'ambulance chasing' the only thing that surprises me is that anybody gives them any credence whatsoever. image

  • KarahandrasKarahandras Member UncommonPosts: 1,703
    Originally posted by Roxtarr
    Authenticators weren't created because of bad security on Blizzard's end.  They were created to protect gamers from themselves.

    Atually from what I've read i think both is true(bad security + a touch of ignorance).

    But in truth I think the authenticators were created as a way to get the customers to pay for the security that would otherwise come out of the payments already being made(game cost, sub etc).

  • revy66revy66 Member Posts: 464
    Originally posted by Burntvet
    Originally posted by Phry
    Sounds more like some dodgy lawyer type out to either  make a name for themselves or/and money, though how you managed to link Blizzard and Sony together in this, is just weird. More than likely the attempted lawsuit will fail anyway, its a bit like the google vs apple thing, its only newsworthy if its successful, so to speak, lawsuits are just an occupational hazard for large companies, especially with so many chancers around.image

    Well, one of the big ones for me is the whole thing with selling authenticators.

    If Bliz knew people needed to use an authenticator, they they knew that their network/acct security was not good enough. If they knew their security was not good enough, they should have fixed it. They can afford it.

    And they REALLY shouldn't have charged people for a separate product to make up for that shoddy system in place to protect people's personal data.

    They should have either incorporated the authenticator functionality into the main program, or given the authenticator away for free.

     

    This makes no sense...Why should they give out the authenticators for free? Dumb people are not entitled to extra equipment to keep their shit safe. If someone thinks he might get keylogged then he ought to buy extra protection, aside from the one already in place.

    P.S: Blizzard and other companies actually give free authenticator software to anyone with a smarthphone.

  • PhryPhry Member LegendaryPosts: 11,004
    Originally posted by Kaerigan
    Originally posted by Xiaoki

    The Authenticator it to try and "fix stupid". 9 times out of 10 when someone gets hacked it is because they went to a bad website. But people never want to admit they clicked on a shady link in an e-mail or went to a bad website.

    And then there are people like me. I've got separate passwords for my Battle.net account and the email it is tied to. My account got locked for "suspicious activity". I changed both passwords and even bought a new computer (not because of that incident, of course, it was just time to upgrade). Now my account is locked again. And NO, I have honestly not attempted logging on to any totallylegitbattlenetfreegold.com or something retarded like that. I haven't shared my passwords with ANYONE.

    This is the only one of my hundreds of accounts on various websites that has been compromised.

    It's not like I have any proof but sometimes I wonder what the fuck Blizzard is up to.

    sometimes wonder if they didnt ought to make  everyone take phishing recognition courses, of course a lot of it is common sense, but how often must blizzard have to deal with this kind of thing, along with other online services etc, i doubt whether its relegated to just online gaming, truth of the matter is, phishing among other online hazards, is a fact of life, companies like Blizzard have tried to 'idiot proof' things a bit by introducing authenticators, they can't however, protect other peoples email accounts, in this increasingly internet dependant world we live in, we have to protect ourselves, relying on others to clean up our own messes every 5 minutes is unrealistic, time to become educated in the dangers this environment contains. The information is out there, chances are your place of work even has cbt's on them, i'd be surprised if schools didnt teach this kind of thing also.image

  • sunshadow21sunshadow21 Member UncommonPosts: 357
    The only part with the authenticators that really bothers is that Blizzard seems to think that the use of them absolves them from having to do anything further on their end. If the authenticators were being used as part of a comprehensive process that actively included both Blizzard and their customers, I would have a lot less of an issue with it; as it is, the one-sidedness of their use just makes Blizzard come across as lazy and unconcerned about the quality of the product and service they are providing in exchange for the money they are getting from their customers. It will be interesting to see how the lawsuit goes; there is definitely some merit to some of it's claims even if it does go off the deep end in certain parts of it.
  • FrodoFraginsFrodoFragins Member EpicPosts: 5,897
    There will be no settlement and Blizzard will not lose this case if it goes forward.
  • VrikaVrika Member LegendaryPosts: 7,881
    This lawsuit is completely ridiculous. Does the lawyer not realize, that the information stolen was not protected by authenticators in the first place? It's like arguing that fire safety of a building was too low and builders knew that because they sold optional burglar alarms.
     
  • PsychowPsychow Member Posts: 1,784
    I'd like to see the lawsuit drag on for years, causing the lawers (not Blizzard) lose their asses after they rightfully lose.
  • sunshadow21sunshadow21 Member UncommonPosts: 357
    Originally posted by Phry

    sometimes wonder if they didnt ought to make  everyone take phishing recognition courses, of course a lot of it is common sense, but how often must blizzard have to deal with this kind of thing, along with other online services etc, i doubt whether its relegated to just online gaming, truth of the matter is, phishing among other online hazards, is a fact of life, companies like Blizzard have tried to 'idiot proof' things a bit by introducing authenticators, they can't however, protect other peoples email accounts, in this increasingly internet dependant world we live in, we have to protect ourselves, relying on others to clean up our own messes every 5 minutes is unrealistic, time to become educated in the dangers this environment contains. The information is out there, chances are your place of work even has cbt's on them, i'd be surprised if schools didnt teach this kind of thing also.image

    I'd be a lot less bothered by the looseness of Blizzard's security if it didn't have a track record of having loose security, dating back to even before WOW was released. The problems it faces are not unique, but most every other company I've ever dealt with online, whether it be a MMO or something else, seems to have reasonably contained the majority of problems that inevitably arise. Blizzard alone has the only one that I have consistently seen these kinds of issues, across multiple games and several different versions of battlenet, continue so long and seemingly unabated; it's like they haven't even bothered to try to even contain them. Now they are trying to tell the consumer it's all their fault, when clearly something needs to be fixed on Blizzard's end as well. Simply telling people to use an authenticator is not actually going to solve the problems inherent somewhere in how Blizzard manages Battlenet and the private information of it's customers, even if it's use will greatly reduce the impact of such problems for those who use them. If they were using the authenticator as part of a larger strategy to rein in the problem, rather than as a stand alone solution that puts the onus entirely on the consumer, it would be a lot easier to accept the position that Blizzard is simply trying to protect the consumers from themselves, since it would be a lot easier to trust that everything was as tight as it could be on their end, something that right now, I simply cannot believe.

  • Cod_EyeCod_Eye Member UncommonPosts: 1,016
    I think the guy has a strong case, like was qouted $26m  from authenticators and blizzard didnt secure players data sufficiently, all that data should of been encrypted.  To many companies are keeping personal data on their customers to freely and need to be made accountable.
  • PhryPhry Member LegendaryPosts: 11,004
    Originally posted by sunshadow21
    The only part with the authenticators that really bothers is that Blizzard seems to think that the use of them absolves them from having to do anything further on their end. If the authenticators were being used as part of a comprehensive process that actively included both Blizzard and their customers, I would have a lot less of an issue with it; as it is, the one-sidedness of their use just makes Blizzard come across as lazy and unconcerned about the quality of the product and service they are providing in exchange for the money they are getting from their customers. It will be interesting to see how the lawsuit goes; there is definitely some merit to some of it's claims even if it does go off the deep end in certain parts of it.

    i'd love to know where you get your information from, do you know someone who works for blizzard and is part of their security team etc, because it sounds exactly like your making it up, though when it gets down to it, i don't think there is any company out there that doesnt take security issues seriously, but assuming that authenticators is all their doing, would be a very large and strange assumption, because all the authenticator is doing is helping you control security issues on your own pc etc. everything else is groundless speculation, and obviously uninformed at that.image

  • PhryPhry Member LegendaryPosts: 11,004
    Originally posted by sunshadow21
    Originally posted by Phry

    sometimes wonder if they didnt ought to make  everyone take phishing recognition courses, of course a lot of it is common sense, but how often must blizzard have to deal with this kind of thing, along with other online services etc, i doubt whether its relegated to just online gaming, truth of the matter is, phishing among other online hazards, is a fact of life, companies like Blizzard have tried to 'idiot proof' things a bit by introducing authenticators, they can't however, protect other peoples email accounts, in this increasingly internet dependant world we live in, we have to protect ourselves, relying on others to clean up our own messes every 5 minutes is unrealistic, time to become educated in the dangers this environment contains. The information is out there, chances are your place of work even has cbt's on them, i'd be surprised if schools didnt teach this kind of thing also.image

    I'd be a lot less bothered by the looseness of Blizzard's security if it didn't have a track record of having loose security, dating back to even before WOW was released. The problems it faces are not unique, but most every other company I've ever dealt with online, whether it be a MMO or something else, seems to have reasonably contained the majority of problems that inevitably arise. Blizzard alone has the only one that I have consistently seen these kinds of issues, across multiple games and several different versions of battlenet, continue so long and seemingly unabated; it's like they haven't even bothered to try to even contain them. Now they are trying to tell the consumer it's all their fault, when clearly something needs to be fixed on Blizzard's end as well. Simply telling people to use an authenticator is not actually going to solve the problems inherent somewhere in how Blizzard manages Battlenet and the private information of it's customers, even if it's use will greatly reduce the impact of such problems for those who use them. If they were using the authenticator as part of a larger strategy to rein in the problem, rather than as a stand alone solution that puts the onus entirely on the consumer, it would be a lot easier to accept the position that Blizzard is simply trying to protect the consumers from themselves, since it would be a lot easier to trust that everything was as tight as it could be on their end, something that right now, I simply cannot believe.

    do you have any links to this 'history' of loose security by any chance, other than hearsay that is.. .. thought not.

  • sunshadow21sunshadow21 Member UncommonPosts: 357
    Originally posted by Phry

    i'd love to know where you get your information from, do you know someone who works for blizzard and is part of their security team etc, because it sounds exactly like your making it up, though when it gets down to it, i don't think there is any company out there that doesnt take security issues seriously, but assuming that authenticators is all their doing, would be a very large and strange assumption, because all the authenticator is doing is helping you control security issues on your own pc etc. everything else is groundless speculation, and obviously uninformed at that.image

    I wish I could believe you when you say that Blizzard takes security seriously, but it has too long of a track record for me to believe it. I have played a lot of games online, and been to a fair number of places around the internet as well, and Blizzard is definitely one of the worst in protecting their customers, both present and past. They are the only ones that I have ever had serious problems with, and even if I thought their games were worth the money I spent on them, I wouldn't buy it because I don't trust their battlenet security even remotely, authenticator or no. It's absurd that they can't take even a little bit of the money they make and at least keep the problem contained (I don't expect them to be able to eradicate it completely; that would be foolish).

  • Kaynos1972Kaynos1972 Member Posts: 2,316
    I hope the guy wins. This will send a very good message to other game company. Data security is not something to be taken lightly to force user to buy authenticator, it should be the same level for everyone.
Sign In or Register to comment.