Blizzard Sued over lax B.Net Security; Profiting on Authenticators

Comments

  • Xiaoki Member Epic Posts: 3,809

    Originally posted by Burntvet
    Originally posted by Fendel84M
    Originally posted by Edeus

    I just want to know why mmorpg.com couldn't stop promoting the latest mmo-whatever and actually do some reporting on this story.  It's interesting and obviously affects the industry...

    Maybe they thought some lame lawsuit with no real merit wasn't actually news?

    Well, it is not just this story, there have been several others in the last week that are simply not covered here.

    There is a big story brewing that Origins servers have been hacked and another loss of customer data, but not a word of that on here. (And, what do you know, EA is a paid advertiser here).

    So there are plenty of "legitimate news stories" that are passed over in favor of "Newsvertisements".

     



    Why do a "legitimate news story" when you could do a "newsvertisement" for Guild Wars 2?
  • maplestone Member Uncommon Posts: 3,099

    Having followed the authenticator angst out of the corner of my eye for several years, I have a hard time seeing this as anything but a sleazy lawsuit attempting to blackmail a profitable company into forking over money just to shut the lawyers up.

    If you want to hold a collective hatefest about Blizzard, I'd pick a better issue that doesn't make haters look like stooges.

  • kturock Member Posts: 16

    The whole point is; Why do we need authenticators?

    If Blizzard actually put the proper time, effort & money into security, they wouldn't have the problem.

    Paying for something to correct Blizzard's mistakes is asinine. Then it doesn't even work.

    They deserved to be sued. You rabid WoW fanboys need to get a life.

    Blizzard has been hacked the most since it has the worst security and the highest data base; incorporating info since Diablo and Warcraft rts.

    They've been in the business as long as, if not longer, than other companies; yet, they can't correct the problem? It's more like they won't correct the problem.

    When my deleted, closed, non-subscribed account was hacked, I was told by their CSR, it had to be my fault, since they don't have, and never had, any security breaches.

  • Burntvet Member Rare Posts: 3,465
    Originally posted by Fendel84M
    Originally posted by Burntvet
    Originally posted by Fendel84M
    Originally posted by Edeus

    I just want to know why mmorpg.com couldn't stop promoting the latest mmo-whatever and actually do some reporting on this story.  It's interesting and obviously affects the industry...

    Maybe they thought some lame lawsuit with no real merit wasn't actually news?

    Well, it is not just this story, there have been several others in the last week that are simply not covered here.

    There is a big story brewing that Origins servers have been hacked and another loss of customer data, but not a word of that on here. (And, what do you know, EA is a paid advertiser here).

    So there are plenty of "legitimate news stories" that are passed over in favor of "Newsvertisements".

     

    Do companies really pay directly to advertise on websites anymore? I thought most of that was set up through sites like Google that provide relevant advertising. I think that's how you find ads for competitors' games on a game's website.

    That is not the case or entirely the case here.

    Site staff have commented on several occasions that they sell ad space direct to several of the game makers.

    Whether that covers all the flash ads, I don't know, as I am not seeing them.

     

  • strangiato2112 Member Common Posts: 1,538
    Originally posted by Waybackwhen
    What bothers me about this is that Blizzard always seems to be in the middle of some controversy. Sometimes it just makes you wonder what really goes on.

    Only read the first page of the thread and there were too many facepalm moments to continue.

    This isn't a controversy, this is someone wanting a free handout.  I would say a large portion of class action lawsuits are just that, people wanting free handouts.

    Blizzard is the target because they are the ones with the money.

     

     

  • kturock Member Posts: 16
    Originally posted by strangiato2112
    Originally posted by Waybackwhen
    What bothers me about this is that Blizzard always seems to be in the middle of some controversy. Sometimes it just makes you wonder what really goes on.

    Only read the first page of the thread and there were too many facepalm moments to continue.

    This isn't a controversy, this is someone wanting a free handout.  I would say a large portion of class action lawsuits are just that, people wanting free handouts.

    Blizzard is the target because they are the ones with the money.

    Blizzard is the target because they are the one responsible for our safety and the security of our information. They have constantly been lax in both; even to the point that it was a plot point joke on 'The Big Bang Theory' sitcom.

    WoW is the biggest cash cow and Blizzard should be protecting their customers; not charging them extra for protection. Then the extra protection isn't even working either.

  • kturock Member Posts: 16
    Originally posted by maplestone

    Having followed the authenticator angst out of the corner of my eye for several years, I have a hard time seeing this as anything but a sleazy lawsuit attempting to blackmail a profitable company into forking over money just to shut the lawyers up.

    If you want to hold a collective hatefest about Blizzard, I'd pick a better issue that doesn't make haters look like stooges.

    So you think the authenticators are a good thing? Why should I/we/you have to pay for something, made and sold by the company, to play their game safely? I have to buy the game, and then each expansion and then a monthly fee.

    Internet security is part of the promise of buying and using the product. [the game] They've failed innumerable times.

  • Consequence Member Uncommon Posts: 358
    Originally posted by Xiaoki

    The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court.

    The same is likely to happen here.

    Except Sony didn't profit from the hackers. Blizz has profited through sales of their authenticator.

    Nobody is saying Blizz did it on purpose, as that is unlikely. But, they did not even begin to take the typical precautions most companies do. The best example is asking people to use their email as their account name. Every game ever that did that has massive security problems.

     

  • asmkm22 Member Posts: 1,788
    Originally posted by kturock

    Blizzard is the target because they are the one responsible for our safety and the security of our information. They have constantly been lax in both; even to the point that it was a plot point joke on 'The Big Bang Theory' sitcom.

    WoW is the biggest cash cow and Blizzard should be protecting their customers; not charging them extra for protection. Then the extra protection isn't even working either.

    Blizzard is not "responsible for our safety" any more than a bank is responsible for identity theft.  If you become a victim, they help you out, but that's it.  Literally every security breach in the history of WoW has been a result of someone being phished, which has nothing to do with Blizzard.

    Blizzard hasn't been "hacked."  Accounts haven't been "hacked."  Players haven't been "hacked."  People are just gullible and have been the targets of social engineering.  Nothing more.

     

     

    You make me like charity

  • asmkm22 Member Posts: 1,788
    Originally posted by Consequence
    Originally posted by Xiaoki

    The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court.

    The same is likely to happen here.

    Except Sony didn't profit from the hackers. Blizz has profited through sales of their authenticator.

    Nobody is saying Blizz did it on purpose, as that is unlikely. But, they did not even begin to take the typical precautions most companies do. The best example is asking people to use their email as their account name. Every game ever that did that has massive security problems.

    Blizzard hasn't profited from the sale of authenticators, according to their financial statements.  They sell them at cost, plus shipping.  They are also not required, which makes the point moot, because even if they did charge enough to make a profit, people still have to voluntarily purchase them.

    You make me like charity

  • Consequence Member Uncommon Posts: 358
    Originally posted by asmkm22
    Originally posted by Consequence
    Originally posted by Xiaoki

    The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court.

    The same is likely to happen here.

    Except Sony didn't profit from the hackers. Blizz has profited through sales of their authenticator.

    Nobody is saying Blizz did it on purpose, as that is unlikely. But, they did not even begin to take the typical precautions most companies do. The best example is asking people to use their email as their account name. Every game ever that did that has massive security problems.

    Blizzard hasn't profited from the sale of authenticators, according to their financial statements.  They sell them at cost, plus shipping.  They are also not required, which makes the point moot, because even if they did charge enough to make a profit, people still have to voluntarily purchase them.

    Could you provide that information please? I would like to know how they have not profited from an authenticator that is less than a pound and costs $9 to ship.

     

    Link or it is nonsense. 

  • -Zeno- Member Common Posts: 1,298
    This has happened before in the past too.  Their servers can be brute forced.

    The definition of insanity: doing the same thing over and over expecting different results.

  • asmkm22 Member Posts: 1,788
    Originally posted by kturock
    Originally posted by maplestone

    Having followed the authenticator angst out of the corner of my eye for several years, I have a hard time seeing this as anything but a sleazy lawsuit attempting to blackmail a profitable company into forking over money just to shut the lawyers up.

    If you want to hold a collective hatefest about Blizzard, I'd pick a better issue that doesn't make haters look like stooges.

    So you think the authenticators are a good thing? Why should I/we/you have to pay for something, made and sold by the company, to play their game safely? I have to buy the game, and then each expansion and then a monthly fee.

    Internet security is part of the promise of buying and using the product. [the game] They've failed innumerable times.

    I've been playing the game since late alpha, and have never used an authenticator.  I've also never been "hacked."

    Why?  Because...

    • I don't click email or website links just because they claim to be from Blizzard
    • I don't share my password with anyone
    • I've never bought gold
    • Every password for every online account I have is unique, meaning one getting compromised doesn't cause collateral damage to the others

    Every incident of a compromised account is related to one of those reasons.  The problem is that most people won't admit something like buying gold, or falling victim to phishing.  It's easier to just claim they were "hacked" than admit they made a poor or stupid decision.

    You make me like charity

  • zExodusz Member Uncommon Posts: 2

    Indeed they can. The funny thing about this whole thing is Blizzard doesn't enforce case sensitivity in their passwords. Thus, it's easier to brute force an account when you know that all the characters have to be lower case letters. I personally randomize passwords for everything that I touch and I randomized a 15 character password with caps/numbers/symbols.

    Guess what. Their password system told me the password won't work and must meet a certain criteria. That's great and all except when F2P sites require more robust password reqs than an MMO with Billions made on their customers it has me worried to no end that Blizzard clearly didn't care. Blizzard should have given authenticators away with every purchase. Sure they offer a smart phone app for free but does that really justify that in order for a person to use that authenticator he/she must purchase a smart phone. I know plenty of people out there who hate smart phones. Just my 2 cents.

  • TheHavok Member Uncommon Posts: 2,423
    Originally posted by Consequence
    Originally posted by Xiaoki

    The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court.

    The same is likely to happen here.

    Except Sony didn't profit from the hackers. Blizz has profited through sales of their authenticator.

    Nobody is saying Blizz did it on purpose, as that is unlikely. But, they did not even begin to take the typical precautions most companies do. The best example is asking people to use their email as their account name. Every game ever that did that has massive security problems.

     

    1. Please inform us of all the typical precautions most companies do.

    2. Please inform us of all the precautions Blizzard did and did not do.

  • asmkm22 Member Posts: 1,788
    Originally posted by Consequence

    Could you provide that information please? I would like to know how they have not profited from an authenticator that is less than a pound and costs $9 to ship.

    Link or it is nonsense.

    I guess I'd need to know your location to answer that.  In the US, the authenticators are $6.50 with no shipping charges.  I don't have access or time to research up the link, but several years ago Blizzard addressed the issue by stating they buy the devices from Vasco at the bulk price of around $6.50 each.

    It was a big deal for them at the time, because they were eating the cost of shipping the devices to people (at least in the US).  They did it because it was still cheaper than what it was costing in manpower to deal with the high rate of hacked account complaints.

    Maybe the devices have come down in price for Blizzard recently, I don't know.  What I do know is that the whole program is not intended to be for profit.  It's there because the compromised accounts were costing them money and they needed more preventative measures available.

     

    If you really don't want to pay for the authenticator, you can just download the mobile app for free and avoid the cost entirely.

    You make me like charity

  • asmkm22 Member Posts: 1,788
    Originally posted by aptitude

    Indeed they can. The funny thing about this whole thing is Blizzard doesn't enforce case sensitivity in their passwords. Thus, it's easier to brute force an account when you know that all the characters have to be lower case letters. I personally randomize passwords for everything that I touch and I randomized a 15 character password with caps/numbers/symbols.

    As a network security professional, my initial reaction to learning about the case sensitivity was... to be shocked actually.  Then I thought about it some and it makes sense for their setup.

    The thing is, you can't brute force their accounts because they get locked after something like 5 failed attempts.  For that setup, case sensitivity and complexity matters much less than password length.

    You make me like charity
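
The trade-off argued in the post above, worked through as an added example (not part of the thread and not Blizzard's code): a hypothetical login service that folds case before hashing and locks an account after 5 failures, plus the entropy arithmetic for the 15-character password mentioned earlier. The class and function names, the 5-attempt limit and the 94/68-symbol printable-ASCII alphabets are assumptions.

```python
import hashlib
import hmac
import math
import os
import string

# Assumption: the "something like 5 failed attempts" figure quoted in the post.
MAX_FAILURES = 5

# Printable-ASCII alphabets (assumed): with and without distinct upper case.
CASE_SENSITIVE = len(string.ascii_letters + string.digits + string.punctuation)
CASE_FOLDED = len(string.ascii_lowercase + string.digits + string.punctuation)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def online_guess_bound(alphabet_size: int, length: int,
                       attempts: int = MAX_FAILURES) -> float:
    """Upper bound on the chance that `attempts` distinct online guesses
    hit a uniformly random password before the account locks."""
    return min(1.0, attempts / alphabet_size ** length)


def extra_chars_to_offset_case_folding(length: int) -> int:
    """Extra case-folded characters needed to match the entropy of a
    case-sensitive random password of the given length."""
    lost_bits = length * math.log2(CASE_SENSITIVE / CASE_FOLDED)
    return math.ceil(lost_bits / math.log2(CASE_FOLDED))


class CaseFoldingLogin:
    """Hypothetical service: case-insensitive passwords, lock after N failures."""

    def __init__(self):
        self.accounts = {}  # name -> [salt, digest, consecutive failures]

    @staticmethod
    def digest(password: str, salt: bytes) -> bytes:
        # Folding case before hashing is what makes the check case-insensitive.
        folded = password.casefold().encode("utf-8")
        return hashlib.pbkdf2_hmac("sha256", folded, salt, 100_000)

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[name] = [salt, self.digest(password, salt), 0]

    def login(self, name: str, password: str) -> str:
        record = self.accounts.get(name)
        if record is None:
            return "unknown"
        salt, stored, failures = record
        if failures >= MAX_FAILURES:
            return "locked"  # even the correct password is refused now
        if hmac.compare_digest(self.digest(password, salt), stored):
            record[2] = 0
            return "ok"
        record[2] += 1
        return "locked" if record[2] >= MAX_FAILURES else "denied"


def demo() -> list:
    """Constructed scenario: one case-variant login, then five wrong guesses."""
    svc = CaseFoldingLogin()
    svc.register("alice", "Tr0ub4dor&3Xy!q")  # constructed sample password
    results = [svc.login("alice", "tr0ub4dor&3xy!q")]
    results += [svc.login("alice", f"guess{i}") for i in range(5)]
    results.append(svc.login("alice", "Tr0ub4dor&3Xy!q"))
    return results


if __name__ == "__main__":
    print(demo())
    for n in (8, 15):
        print(n, round(keyspace_bits(CASE_FOLDED, n), 1),
              round(keyspace_bits(CASE_SENSITIVE, n), 1),
              extra_chars_to_offset_case_folding(n))
    print(online_guess_bound(CASE_FOLDED, 15))
```

The bound applies only to guessing through the login form against a randomly generated password; it says nothing about passwords that are reused or phished.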

  • kturock Member Posts: 16
    Originally posted by asmkm22
    Originally posted by kturock

    Blizzard is the target because they are the one responsible for our safety and the security of our information. They have constantly been lax in both; even to the point that it was a plot point joke on 'The Big Bang Theory' sitcom.

    WoW is the biggest cash cow and Blizzard should be protecting their customers; not charging them extra for protection. Then the extra protection isn't even working either.

    Blizzard is not "responsible for our safety" any more than a bank is responsible for identity theft.  If you become a victim, they help you out, but that's it.  Literally every security breach in the history of WoW has been a result of someone being phished, which has nothing to do with Blizzard.

    Blizzard hasn't been "hacked."  Accounts haven't been "hacked."  Players haven't been "hacked."  People are just gullible and have been the targets of social engineering.  Nothing more.

    WRONG. Read my 1st post.

    My account was hacked 1 year after I UNINSTALLED AND QUIT PLAYING THE GAME. I never gave anyone the password. I used an uncommon password. i.e. not password, wow my account, 1234, etc.

    I quit the game. I cancelled my subscription. I uninstalled the game.

    I got several notices from WoW stating I was doing illegal activity and about to be locked, then it was locked; all within the space of several hours WHILE I WAS AT WORK. By the time I got home, my account was locked. I called the toll free number and talked to a CSR. They said the same BS you did.

    I told them that I quit playing WoW over a year earlier, when my subscription ran out. They agreed that my subscription was inactive and didn't know how it had activity, even though they admitted it did. I told them to cancel, close, delete or whatever was needed to keep the account from being used. The CSR said he couldn't do anything more than was already done. He couldn't even delete it, just lock it.

    Don't tell me that Blizzard or WoW has never been hacked, because I have been.

    I work with a guy who has 3 accounts, 1 for him and 1 for each of his 2 kids. All 3 have authenticators. All 3 have been hacked before and after having the authenticators. All use complex passwords.

    WoW is responsible for our information's security; just the same as bank cards, charge cards and all internet accounts are liable.  When a bank gets its account hacked, like Discover Card, they cancel the accounts and issue new ones. 1 of the charge card companies even gave 1 year of free ID protection from an independent company. After 1 year, you had the choice to renew or cancel. It was on the national news.

     

  • Sidad Member Uncommon Posts: 50
    Originally posted by Burntvet

    Looks like there was something to all those acct hacks...

    And on another note:

    What's the matter MMORPG.com, don't report "real news" or only when it is bad about a paid advertiser?

     

    Full Story:

    Gamasutra Link

     

    Blizzard sued over lax security in Battle.net hacking

     

    Blizzard Entertainment is facing a class action lawsuit for allegedly not doing enough to protect its customers' private information when hackers breached the security of its Battle.net service.

    Last August, hackers managed to break into Battle.net -- which is used for the online features of popular Blizzard games like Diablo III and StarCraft II -- and steal user data including email addresses, personal security questions, and information related to the mobile/dial-in authenticators meant to offer more security to users on the service.

    And now lead plaintiff Benjamin Bell is suing Blizzard and its parent company Activision Blizzard, seeking damages for consumer fraud, negligence, unjust enrichment, breach of contract, and bailment, according to a report from Courthouse News.

    The suit takes particular issue with Blizzard "deceptively and unfairly" requiring players to purchase additional products to protect their accounts instead of making its service more secure. Bell claims that Blizzard has made $26 million from sales of its authenticators.

    "Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website," reads the complaint, which was filed with the California Central District Court.

    Bell also says that Blizzard did not take the legally required steps to alert players that their accounts were compromised. He is seeking class damages and an injunction to prevent Blizzard from requiring users to sign up for Battle.net accounts to play its games, and from requiring after-sale products to enhance customers' security.


     

    When I was saying here how my account was easily hacked as soon as I logged out, together with thousands of other ppl, of course ppl blame me for my pc was unsecure. Stupid me, even though I run antivirus and all kind of security programs and firewall (found nothing on my system) and having different account names/pass/email for games, I still believed that it might've been my fault so I bought authenticator.... Worst part, D3 sucked anyhow so when I finished game I just couldn't bring myself to play again. D3 and GW2 highly anticipated games and biggest disappointments for me. :(

    Not to mention wow account getting hacked 3 years AFTER I quit game lol.

  • Smikis Member Uncommon Posts: 1,045
    this seems 3 years out of date, mobile auth is free. there is even windows version (not official but confirmed by blizzard, not sure about all that, but people use it.) blaming blizzard about some 26 mln profit, that's since when? all-time profit for authenticators? that barely makes 2% of what they make, anyway, bs claim, authenticator software is free, you don't have to buy usb stick with it
  • DrunkWolf Member Rare Posts: 1,701
    blizzard is not safe
  • asmkm22 Member Posts: 1,788
    Originally posted by kturock

    WRONG. Read my 1st post.

    My account was hacked 1 year after I UNINSTALLED AND QUIT PLAYING THE GAME. I never gave anyone the password. I used an uncommon password. i.e. not password, wow my account, 1234, etc.

    I quit the game. I cancelled my subscription. I uninstalled the game.

    I got several notices from WoW stating I was doing illegal activity and about to be locked, then it was locked; all within the space of several hours WHILE I WAS AT WORK. By the time I got home, my account was locked. I called the toll free number and talked to a CSR. They said the same BS you did.

    I told them that I quit playing WoW over a year earlier, when my subscription ran out. They agreed that my subscription was inactive and didn't know how it had activity, even though they admitted it did. I told them to cancel, close, delete or whatever was needed to keep the account from being used. The CSR said he couldn't do anything more than was already done. He couldn't even delete it, just lock it.

    Don't tell me that Blizzard or WoW has never been hacked, because I have been.

    I work with a guy who has 3 accounts, 1 for him and 1 for each of his 2 kids. All 3 have authenticators. All 3 have been hacked before and after having the authenticators. All use complex passwords.

    WoW is responsible for our information's security; just the same as bank cards, charge cards and all internet accounts are liable.  When a bank gets its account hacked, like Discover Card, they cancel the accounts and issue new ones. 1 of the charge card companies even gave 1 year of free ID protection from an independent company. After 1 year, you had the choice to renew or cancel. It was on the national news.

    So let me get this straight...

    You think someone "hacked" into your account, activated and paid for a new subscription, then proceeded to... "do illegal activity"?  Something is missing from your story here, because if you cancelled/uninstalled/etc, then what exactly did they do, if not resub you?  That makes no sense.

    Sounds more like you got one of many "real" emails from Blizzard claiming illegal activity just to get you to try to log into a fake site to harvest credentials.  As for Blizzard's end, they probably just started telling you whatever they could to get you off the phone, because your story is a bit off.

    You make me like charity

  • Lugors Member Uncommon Posts: 184
    As many people have pointed out, authenticators are there to save the customer from himself.  Despite the web testimonials to the contrary, if you were hacked, it was your own fault for either buying gold, leveling services or going to a compromised website without adequate antivirus or spyware protection.

    This is like faulting the bank for being robbed.  Here is the equation.  Blizzard has money.  Lawyers want Blizzard's money.  Sue Blizzard and hope they settle. Profit!

    If lawsuit gains any traction it will set a horrible precedent.  No company should be responsible for its customers' stupidity.

  • Consequence Member Uncommon Posts: 358
    Originally posted by asmkm22
    Originally posted by Consequence

    Could you provide that information please? I would like to know how they have not profited from an authenticator that is less than a pound and costs $9 to ship.

     

    Link or it is nonsense. 

    I guess I'd need to know your location to answer that.  In the US, the authenticators are $6.50 with no shipping charges.  I don't have access or time to research up the link, but several years ago Blizzard addressed the issue by stating they buy the devices from Vasco at the bulk price of around $6.50 each.

    It was a big deal for them at the time, because they were eating the cost of shipping the devices to people (at least in the US).  They did it because it was still cheaper than what it was costing in manpower to deal with the high rate of hacked account complaints.

    Maybe the devices have come down in price for Blizzard recently, I don't know.  What I do know is that the whole program is not intended to be for profit.  It's there because the compromised accounts were costing them money and they needed more preventative measures available.

     

    If you really don't want to pay for the authenticator, you can just download the mobile app for free and avoid the cost entirely.

    Again, where is that link to their "financials" that say they didn't profit from the sales of authenticators? I am waiting on it.  I have looked at every public document I could find from Activision and I see no such "financials". Did you just make that up?

    I can tell you 1 thing, in Blizzard's official response to the lawsuit they denied a lot of things:

        1) They denied the claim that they didn't give users proper notification of the August Battle.net hack.

        2) They denied the claim that the authenticator is required to keep the minimum level of security.

    BUT, the 1 claim they absolutely did NOT deny was the claim that they have profited from the sales of authenticators, and that is a MAJOR assertion of the lawsuit. If it wasn't true, it would be the most easily refuted of all the claims made by the plaintiff. So, that in itself seems to refute your claim, which is why I would like to know what you base this claim on by providing a link.

    See for yourself:

    http://www.gameinformer.com/b/news/archive/2012/11/12/blizzard-sued-in-class-action-lawsuit.aspx

    Furthermore, there are other things working against Blizz here. On May 22 they issued a response to all the Diablo account hacks saying that no customers with authenticators had been hacked. On May 26th, after a massive outcry from people on the boards refuting that claim, they issued a statement saying people with authenticators had in fact been hacked. At the very least, it is very apparent they have not been honest.

    The mere act of forcing people to use their email as the account name shows a complete lack of respect for customers' security.

  • Novusod Member Uncommon Posts: 912
    Originally posted by erictlewis

    Lawsuits are one thing. You got to win them first, and hope the other guy does not appeal.

    The thing about these class actions is that the lawyers make most of the money.  I been in a few of those as well.  The most I ever got was 14 bucks over one of them due to so many folks.  I am in a pending one against Vonage, lol I bet I never see a dime after the lawyers are done.

    Class action suits really aren't about getting money for the victims. These lawsuits are about punishing the company and also getting a cease and desist order going. If successful they can change industry practices which yields a benefit for those not even involved in the lawsuit. If a bunch of lawyers make a bunch of money off the deal who cares. The long term result is a positive one for society as a whole.
