Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Blizzard Sued over lax B.Net Security; Profiting on Authenticators

124678

Comments

  • TheHavokTheHavok Member UncommonPosts: 2,423

    I think this is a ridiculous lawsuit.  Blizzard isn't the first company to have their security breach and they will not likely be the last.  Bank of America, Price Waterhouse, The Pentagon, Sony, Riot, and google have all had their security breached by hackers.

    People are only targetting Blizzard because WoW and Diablo 3 are where the money is at for scammers trying to steal in-game assets.

  • The user and all related content has been deleted.
  • XiaokiXiaoki Member EpicPosts: 3,809


    Originally posted by DeserttFoxx
    Originally posted by Nadia Originally posted by Xiaoki The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court. The same is likely to happen here.
    sounds reasonable http://news.cnet.com/8301-1023_3-57538716-93/sony-psn-hacking-lawsuit-dismissed-by-judge/
    There is a difference here though, sony was a victim to a crime, they were attacked on a massive scale. Every battlenet hack has always been against the individual.

     
    What about trion worlds completely free coin lock system? which requires you to sign in with a combination of either your cell phone or email everytime you change ip,  instead blizzard charged 10 bucks + shipping for a piece of plastic, which btw breaks, because mine did the first time i bought one of these many years ago.



    This isnt an individual lawsuit, its a class action lawsuit when Battle.net was hacked.

    So, yes, Blizzard is the victim of a crime and Blizzard was attacked on a massive scale.

    This is covered in the article that linked in the OP that you obviously didnt read.


    Also, if you log into WoW from a different IP it locks your entire WoW account. Which is a tougher system than Rift's Coin Lock system.


    You have no idea what you're talking about, so please stop talking.

  • niceguy3978niceguy3978 Member UncommonPosts: 2,047
    Originally posted by Razperil
    Originally posted by Latronus
    Originally posted by Kaerigan
    Originally posted by Xiaoki

    The Authenticator it to try and "fix stupid". 9 times out of 10 when someone gets hacked it is because they went to a bad website. But people never want to admit they clicked on a shady link in an e-mail or went to a bad website.

    And then there are people like me. I've got separate passwords for my Battle.net account and the email it is tied to. My account got locked for "suspicious activity". I changed both passwords and even bought a new computer (not because of that incident, of course, it was just time to upgrade). Now my account is locked again. And NO, I have honestly not attempted logging on to any totallylegitbattlenetfreegold.com or something retarded like that. I haven't shared my passwords with ANYONE.

    This is the only one of my hundreds of accounts on various websites that has been compromised.

    It's not like I have any proof but sometimes I wonder what the fuck Blizzard is up to.

    Stop talking common sense with the Blizzard fanbois.  They will ever accept that something very fishy is going on with battle net now matter what happens.  They love to blame the players or the fact that WoW has some many players which is a factor, but they'll never believe that blizzard is doing anything fishy in an attempt to make more profit.  They could even have a news conference and admit it and the fanbois would have some excuse to not believe them.  Nothing should ever be outside the realm of possibility when it comes to a company and extra profit.

    You pin-pointed it perfectly. Any time Blizzard makes any news, immediately it is dismissed as not being possible or true. I find it sickening that for some reason that company can do no wrong, even when it has been shown they have. There is no excuse for lack security for any reason. The lawsuit will win due to the factors stated. It doesn't matter if it wasn't part of the actual security system or not, people still paid to be more protected and it does seem that not one drop of the 26 million even went into decreasing any security risks, or even strengthening it for that matter (based on their continued security issues). All that company cares about is the $$$. Maybe one day those fanbois will see that too.

    P.S- Look at what Sony did when the PS3 network was hacked. They made a whole NEW security network from scratch! That right there shows that they do CARE about their customers/fanbase/users. :) Something Blizzard needs to learn.

    If Sony cares so much for their mmo customers, why are they also sellilng authenticators instead of making sure their security is good enough not to need to sell them?  Or better yet, why aren't they giving them away for free?

  • niceguy3978niceguy3978 Member UncommonPosts: 2,047
    Originally posted by Xiaoki

     


    Originally posted by DeserttFoxx

    Originally posted by Nadia

    Originally posted by Xiaoki The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court. The same is likely to happen here.
    sounds reasonable http://news.cnet.com/8301-1023_3-57538716-93/sony-psn-hacking-lawsuit-dismissed-by-judge/
    There is a difference here though, sony was a victim to a crime, they were attacked on a massive scale. Every battlenet hack has always been against the individual.

     

     
    What about trion worlds completely free coin lock system? which requires you to sign in with a combination of either your cell phone or email everytime you change ip,  instead blizzard charged 10 bucks + shipping for a piece of plastic, which btw breaks, because mine did the first time i bought one of these many years ago.


    This isnt an individual lawsuit, its a class action lawsuit when Battle.net was hacked.

     

    So, yes, Blizzard is the victim of a crime and Blizzard was attacked on a massive scale.

    This is covered in the article that linked in the OP that you obviously didnt read.


    Also, if you log into WoW from a different IP it locks your entire WoW account. Which is a tougher system than Rift's Coin Lock system.


    You have no idea what you're talking about, so please stop talking.

    When did they start locking accounts for loging in from a different IP?  It has to have been sometime after this summer.  My wife's account had no problems logging in from 3 different states in the span of a weekend when we were making a long trip and staying overnight in hotels.

  • NetspookNetspook Member UncommonPosts: 1,583
    Originally posted by muffins89
    Originally posted by sunshadow21
    Originally posted by Phry

    do you have any links to this 'history' of loose security by any chance, other than hearsay that is.. .. thought not.

    One, I tried downloading the trial for WOW, directly from them (no other sites, except perhaps this one, which has not given me trouble, were involved), played it for a week, and I'm still getting emails about my account, years later. Never had anything even close happen with anybody else, and I've tried a lot of games out over the years. Two, the problems I encountered with D2 on the on Battlenet the few times I bothered to venture onto it were enough to make me not bother very often. Three, if you genuinely believe that every single customer that has claimed problems with Blizzard brought it on themselves, you are delusional; at some point, there amasses enough circumstancial evidence that it becomes clear that at least some of it has to be valid, and Blizzard is well past that point.

    it's brought on by hackers.  wether on not battle.net got hacked is one thing.  but most account hacks are from users using the same email and password for everything.  hackers with hack into databases of game forums.  and then proceed to use those emails and passwords to get into peoples gaming accounts.  blizzard has no control over that.  im sure they could have better security but people need to stop pointing fingers.  if your acccount gets hacked it's becuase you weren't smart enough to keep your email and password safe.  by not using the same one everytime.

     

    You really don't know what you're talking about.

    I quit WoW shortly after WotLK was released.  Well over a year later, my account was hacked. And I had a very strong alphanumeric password which was nowhere near similar to any of my other passwords.

    Not keeping it safe? The ONLY place I had it, was inside my own head.

    I assure you, given the time from my last login, to the time I got hacked, combined with a strong password, the fault was NOT on my end. Blizzard have admitted at least once to have been hacked - you are extremely naive if you believe that has happened only once.

  • PresbytierPresbytier Member UncommonPosts: 424
    Not to sound like a Blizzard appologist, but they do offer the authenticator free for anyone with a smartphone and they only charge for the keychain one which does not cost much.

    "Never pay more than 20 bucks for a computer game."-Guybrush Threepwood
    "I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me."-Hunter S. Thompson

  • SonofSethSonofSeth Member UncommonPosts: 1,884
    My account got hacked because my email and password were same as I used on MMORPG.com. When that happened, I changed my email and password, those are specific to WoW now, attached an authenticator and in the last 3 years never had a problem.

    image

  • sunshadow21sunshadow21 Member UncommonPosts: 357
    Originally posted by zymurgeist

     Unfortunately so many people have said that so many times and proven to be liars than no one believes it any more. Usually when they do it they call  others things like "extremely naive"  too. So while I can't say for sure what happened to you I can say the only people likely to believe you, or pretend to believe you, are Blizzard critics. I do know that according to Blizzard and every security pro I've talked to it's almost never hacking and almost always phishing or third party sights that compromises WoW accounts.

    Unfortunately, that stance has also been clearly stated, and disproven, enough to make it equally suspect. The truth lies somewhere in the middle, and no one, including, and perhaps especially, Blizzard, wants to have the conversation of how to contain the problem because that would require direct action against the hackers, phishers, and third parties, which would require Blizzard to spend money. At this point, I think both sides are nuts. Authenticators are, at least, a decent start, and I see no reason to believe malice is behind Blizzard's current nonposition. On the other hand, the amount of money it would take for Blizzard to actually take on the third party problems is miniscule compared to how much they currently make, and even more miniscule compared to how they could be making if they showed some balls and actually supported a friendly environment to game in. They slap band aids on the wounds, heal the symptoms, and don't care about how much more they could be making if they only put just a little bit of effort into containing those third parties that keep dragging them through the mud.

    I think the lawsuit will be interesting to watch. Blizzard will have a hard time proving they couldn't have done more, given the sheer length of time they've had to face the problem. Even if they don't lose, it still might be enough to force them, and the gaming industry as a whole, to seriously rethink their whole strategy and approach to containing problems related to third party abuses.

  • sunshadow21sunshadow21 Member UncommonPosts: 357
    Originally posted by zymurgeist

    Blizzard doesn't have to prove anything but that they comply with industry standard security practices. A low bar they'll easily hurdle.

    I sincerely hope you're wrong. If industry standards are that low, a lawsuit like this is needed to bring them up.

  • IcewhiteIcewhite Member Posts: 6,403

    Would be a weird judgement, in case of a miracle.

    1 million players bought an authenicator at 8 bucks a pop.  However, their purchase undeniably provided some utility, so aa partial refund is the maximum judgement this court can rule.  "Judgement against Blizzard, track those players down and refund them two dollars each, adjusted for inflation".

    Ludicrous.

    Self-pity imprisons us in the walls of our own self-absorption. The whole world shrinks down to the size of our problem, and the more we dwell on it, the smaller we are and the larger the problem seems to grow.

  • RidelynnRidelynn Member EpicPosts: 7,383

    Authenticators can't save you if they break into the server and steal all the data.

    That was part of the fiasco here - there was enough information stolen that accounts can, and were, broken into - including those tied to authenticators. Because they had security questions & answers, they were able to go around the authenticator protection. There was some speculation if the mobile authenticator was hacked as well (since enough data was taken) - but I don't think that was ever proven. The "text/call" authenticator option proved to be utterly worthless - they had enough data they would just change the call-back number (and to Bliz's credit, they have disabled this form).

    Not every "hack" is because the user is stupid. Most, but not all. Once they were able to get into Bliz's servers, the liability is all on Bliz at that point. The lawsuit probably will get thrown out (because they would have to prove willful negligence, which I don't think you can do), but that doesn't necessarily mean that Bliz isn't at fault (at least partially) either.

  • sunshadow21sunshadow21 Member UncommonPosts: 357
    Originally posted by Icewhite

    Would be a weird judgement, in case of a miracle.

    1 million players bought an authenicator at 8 bucks a pop.  However, their purchase undeniably provided some utility, so aa partial refund is the maximum judgement this court can rule.  "Judgement against Blizzard, track those players down and refund them two dollars each, adjusted for inflation".

    Ludicrous.

    More likely would be a judgment or settlement that found some middle ground where Blizzard would do something more on their end to make Bnet more secure (and there is more they can do; they just don't want to, and until someone forces them to, they won't), while the other side acknowledged that they can't force Blizzard to abandon Bnet.

  • NetspookNetspook Member UncommonPosts: 1,583
    Originally posted by zymurgeist
    Originally posted by Netspook
    Originally posted by muffins89
    Originally posted by sunshadow21
    Originally posted by Phry

    do you have any links to this 'history' of loose security by any chance, other than hearsay that is.. .. thought not.

    One, I tried downloading the trial for WOW, directly from them (no other sites, except perhaps this one, which has not given me trouble, were involved), played it for a week, and I'm still getting emails about my account, years later. Never had anything even close happen with anybody else, and I've tried a lot of games out over the years. Two, the problems I encountered with D2 on the on Battlenet the few times I bothered to venture onto it were enough to make me not bother very often. Three, if you genuinely believe that every single customer that has claimed problems with Blizzard brought it on themselves, you are delusional; at some point, there amasses enough circumstancial evidence that it becomes clear that at least some of it has to be valid, and Blizzard is well past that point.

    it's brought on by hackers.  wether on not battle.net got hacked is one thing.  but most account hacks are from users using the same email and password for everything.  hackers with hack into databases of game forums.  and then proceed to use those emails and passwords to get into peoples gaming accounts.  blizzard has no control over that.  im sure they could have better security but people need to stop pointing fingers.  if your acccount gets hacked it's becuase you weren't smart enough to keep your email and password safe.  by not using the same one everytime.

     

    You really don't know what you're talking about.

    I quit WoW shortly after WotLK was released.  Well over a year later, my account was hacked. And I had a very strong alphanumeric password which was nowhere near similar to any of my other passwords.

    Not keeping it safe? The ONLY place I had it, was inside my own head.

    I assure you, given the time from my last login, to the time I got hacked, combined with a strong password, the fault was NOT on my end. Blizzard have admitted at least once to have been hacked - you are extremely naive if you believe that has happened only once.

     Unfortunately so many people have said that so many times and proven to be liars than no one believes it any more. Usually when they do it they call  others things like "extremely naive"  too. So while I can't say for sure what happened to you I can say the only people likely to believe you, or pretend to believe you, are Blizzard critics. I do know that according to Blizzard and every security pro I've talked to it's almost never hacking and almost always phishing or third party sights that compromises WoW accounts.

     

    Poor attempts on masking a "you are a liear" comment, feel free to be more direct next time.

    I'm not a Blizzard hater, in fact, i have 4 active WoW accounts. I've already talked about that a couple of times in multiboxing discussions. But I do not swallow everything Blizzard feeds me. And I certainly don't believe that unless Blizzard tells me there are problems, everything is perfect. Which clearly seperates us two, proven both by your comment about who migh believe me (or "pretend" to believe me), and your "according to Blizzard". Please, learn to think for yourself, it won't hurt you.

    Before you continue attacking my "lies", take a look at your own statements. I doubt many belives you have actually talked to a lot of "security pros" about this. You're doing what you're accusing me for, and it doesn't seem you're even realizing it.

  • TheocritusTheocritus Member LegendaryPosts: 9,737
          The authenticator was a bad idea from the get go....Well at least charging customers for it was......Security is 100% the responsibility of the game company (well except for morons that give their password away anyway)......
  • bcbullybcbully Member EpicPosts: 11,838
    Authenticators were all good until RIFT invented Coin Lock...
    "We see fundamentals and we ape in"
  • FrodoFraginsFrodoFragins Member EpicPosts: 5,897
    Originally posted by Razperil

    P.S- Look at what Sony did when the PS3 network was hacked. They made a whole NEW security network from scratch! That right there shows that they do CARE about their customers/fanbase/users. :) Something Blizzard needs to learn.

    Maybe because Blizzards network has never been hacked like Sony's or Turbine's were.  They HAD to fix everything after that event.

  • FrodoFraginsFrodoFragins Member EpicPosts: 5,897
    Originally posted by Ridelynn

    Authenticators can't save you if they break into the server and steal all the data.

    That was part of the fiasco here - there was enough information stolen that accounts can, and were, broken into - including those tied to authenticators. Because they had security questions & answers, they were able to go around the authenticator protection. There was some speculation if the mobile authenticator was hacked as well (since enough data was taken) - but I don't think that was ever proven. The "text/call" authenticator option proved to be utterly worthless - they had enough data they would just change the call-back number (and to Bliz's credit, they have disabled this form).

    You're spreading a lot of falsehoods here.  Blizzard was never hacked of account names/passwords like sony and others were.

  • sr7olsnipersr7olsniper Member UncommonPosts: 206
    Originally posted by zipzap
    Originally posted by Roxtarr
    Authenticators weren't created because of bad security on Blizzard's end.  They were created to protect gamers from themselves.

    very true and the mobile version is also free...

    Yes I totally agree with this. If you are very tight on security you prob wont get hacked but most people are not like that so an extra layer of protection is always welcomed. The authenticator is free if you own almost ANY type of phone so I am dumbfounded at the notion that blizzard is profitting from the sell of them. Only way they get any money its if you are actually buying a physical copy, but then again you cant expect them to hand it out for free.... Oh yah thats right, they give me like 10 of those every year at blizzcon...

    At least with a sub game they know that people won't tolerate bullshit and leave. With anet we have no recourse but to buy our own lube so our assholes don't get too stretched out from getting bent over a table at Anets will. - Hrimnir

  • sunshadow21sunshadow21 Member UncommonPosts: 357
    Seems to me that if phishing and keyloggers are the biggest problem, a virtual keyboard and tougher passwords that require people to come with something unique are two very easy steps that Blizzard could implement and and remove most of the soruce of the problem. Would some people quit with more complex passwords? Probably, but really, if they're going to quit over something that minor, chances are in the long term, Blizzard is better off without them, because at some point, they are going to have to choose between that low lying, problem causing fruit, and the better quality fruit higher up that is more likely to stick around and show loyalty when the game starts to show it's age. Of course, then they might only have 6 million subscribers instead of 9 million, and only make 1 million dollars a day instead of 2 million, but they would improve there chances of keeping the valuable subscribers around for a longer period of time, meaning they would probably make more money in the long run.
  • FrodoFraginsFrodoFragins Member EpicPosts: 5,897
    Of course blizzard could do more to increase security issues created by users failing to protect themselves.  That doesn't mean they are negligent or have anything to worry about with this lawsuit.
  • GravargGravarg Member UncommonPosts: 3,424
    Originally posted by Roxtarr
    Authenticators weren't created because of bad security on Blizzard's end.  They were created to protect gamers from themselves.

    QFT +1

     

    Some people have no clue about the dangers of being online...actually I'd go so far to say as the majority of people don't know.  My parents are good example of this...I have to go over there and debug and reload windows and stuff all the time because they'll open up any email that get's sent to them lol.

     

    Edit: Blizzard actually has some of the best security.  You can set up your account to send you a text anytime something is changed or done....I don't think any other company has that...

  • itgrowlsitgrowls Member Posts: 2,951
    Originally posted by Burntvet

    Looks like there was something to all those acct hacks...

    And on another note:

    What's the matter MMORPG.com, don't report "real news" or only when it is bad about a paid advertiser?

     

    Full Story:

    Gamesutra Link

     

    Blizzard sued over lax security in Battle.net hacking

     

    Blizzard Entertainment is facing a class action lawsuit for allegedly not doing enough to protect its customers' private information when hackers breached the security of its Battle.net service.

    Last August, hackers managed to break into Battle.net -- which is used for the online features of popular Blizzard games like Diablo III and StarCraft II -- and steal user data including email addresses, personal security questions, and information related to the mobile/dial-in authenticators meant to offer more security to users on the service.

    And now lead plaintiff Benjamin Bell is suing Blizzard and its parent company Activision Blizzard, seeking damages for consumer fraud, negligence, unjust enrichment, breach of contract, and bailment, according to a report from Courthouse News.

    The suit takes particular issue with Blizzard "deceptively and unfairly" requiring players to purchase additional products to protect their accounts instead of making its service more secure. Bell claims that Blizzard has made $26 million from sales of its authenticators.

    "Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website," reads the complaint, which was filed with the California Central District Court.

    Bell also says that Blizzard did not take the legally required steps fo alert players that their accounts were compromised. He is seeking class damages and an injunction to prevent Blizzard from requiring users to sign up for Battle.net accounts to play its games, and from requiring after-sale products to enhance customers' security.


     

    Nice to see someone can make a stand. Wonder if it's an open class action suit. If they are awarding returns to previous subscribers and whatnot. That would be justice imo. 

    The other story never posted on sites like these is when they discovered and buried GM's working with the gold farmers to cause more problems for the players. Apparently an exec was in on it and some money was made off of the players. All of the items were returned via the in game replication system so the players got their accounts and items back but by then the damage had been done and the money was transfered. It's amazing that they let that go on so long before someone noticed. The reason for the report getting out? They layed off one of the employees that was involved. Otherwise no one would have known they were doing this.

  • itgrowlsitgrowls Member Posts: 2,951
    Originally posted by zymurgeist
    Originally posted by sunshadow21
    Seems to me that if phishing and keyloggers are the biggest problem, a virtual keyboard and tougher passwords that require people to come with something unique are two very easy steps that Blizzard could implement and and remove most of the soruce of the problem. Would some people quit with more complex passwords? Probably, but really, if they're going to quit over something that minor, chances are in the long term, Blizzard is better off without them, because at some point, they are going to have to choose between that low lying, problem causing fruit, and the better quality fruit higher up that is more likely to stick around and show loyalty when the game starts to show it's age. Of course, then they might only have 6 million subscribers instead of 9 million, and only make 1 million dollars a day instead of 2 million, but they would improve there chances of keeping the valuable subscribers around for a longer period of time, meaning they would probably make more money in the long run.

     I don't think you're ever going to convince Blizzard they would be better off without most of their customers. You seem to have a higher opinion of the average internet user than I do.

    25 most common passwords of 2012 from Gizmodo.

    1. password (Unchanged)
    2, 123456 (Unchanged)
    3. 12345678 (Unchanged)
    4. abc123 (Up 1)
    5. qwerty (Down 1)
    6. monkey (Unchanged)
    7. letmein (Up 1)
    8. dragon (Up 2)
    9. 111111 (Up 3)
    10. baseball (Up 1)
    11. iloveyou (Up 2)
    12. trustno1 (Down 3)
    13. 1234567 (Down 6)
    14. sunshine (Up 1)
    15. master (Down 1)
    16. 123123 (Up 4)
    17. welcome (New)
    18. shadow (Up 1)
    19. ashley (Down 3)
    20. football (Up 5)
    21. jesus (New)
    22. michael (Up 2)
    23. ninja (New)
    24. mustang (New)
    25. password1 (New)

     

    Password has been the most common password almost as long as computers have had passwords. That's what a 25+ year unbroken record of  stupidity?

     

    Ohand this is just beautiful:

    SplashData's findings are pretty consistent with those of security consultant Mark Burnett, the author of the book Perfect Passwords. Think your password is a special snowflake, unique in the world?Burnett did an analysis of 6 million username and password combinations last year, and found that 91 percent of users had used one of the 1,000 most common passwords—with 99.8 percent using a password from the 10,000 most common. And "password" was the leader of them all, in use by 4.7 percent of user accounts.

    As a Michael I am shocked people are using that as a password, wth? If I'm not mistaken that's one of the most universal name given to male children in the USA. Weird.

  • kaliniskalinis Member Posts: 1,428

    I find the lawsuit laughable since authenticators cost 5 dollars total. If that. I finally bought one a yr and half ago. That said i have never been hacked in 6 plus yrs of playing wow. 

    Not once have i lost any any game money or stuff i owned, Of course i dont go around trying to get free mounts or buying gold llike alot of the people who do get hacked. 

    Blizzard warns players to never go to phishing sites. To go to battle.net directly, They never listen yet its blizzards fault or they claim blizzard employees are hacking them , please, if that was true id of been hacked yrs ago and ive never been hacked in wow. 

Sign In or Register to comment.