Blizzard faces class action suit over account authenticators

Blizzard Entertainment is facing a class action lawsuit over the sale of its Battle.net authenticators, which are used to provide security for player account information for games such as World of Warcraft and Diablo 3. The suit, filed by the law firm Carney Williams Bates Pulliam & Bowman, PLLC in the Central District of California, alleged that the authenticators were needed by players "in order to have even minimal protection for their sensitive personal, private, and financial data." The lawsuit referred to an August security breach in which no financial user data was reported to be stolen.

The class action suit posited that Blizzard practiced "deceptive upselling," in that it allegedly failed "to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing."

A Blizzard representative told Forbes that "this suit is without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels." The representative said the use of the authenticator tool was optional for players, and offered players "an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."

Blizzard's statement continued, "the suit's claim that we didn't properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed."
Show full PR text
CLASS ACTION LAWSUIT FILED AGAINST BLIZZARD ENTERTAINMENT, INC.
Los Angeles, CA – Consumer protection attorneys with the law firm Carney Williams Bates Pulliam & Bowman, PLLC filed a class action lawsuit against video game developer Blizzard Entertainment, Inc. and its parent company, Activision Blizzard, Inc., on behalf of millions of American customers who have been harmed by Blizzard's negligent and deceptive practices related to its customers' account security.
The suit was filed in the Central District of California and alleges that the company-whose titles include the popular franchises World of Warcraft, StarCraft, and Diablo-fails to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing. This deceptive upselling, coupled with Blizzard's negligence in maintaining proper security protocols, compromised millions of customers' email addresses, passwords, answers to personal security questions, and other items of sensitive information.
"Blizzard requires all of its customers to establish accounts with its online gaming service, Battle.net," says Hank Bates, "but it fails to disclose to consumers, prior to purchase, that they'll need additional products called authenticators to keep information stored in these accounts safe. Even though the company frequently receives complaints about accounts being hacked, it simply tells the customer to attach an authenticator to their account. Blizzard doesn't inform people about this requirement when they purchase the game, and that amounts to a deceptive trade practice. Worse still, Blizzard has failed to maintain adequate levels of security for its customers, time and again, which led to a significant loss of private data in Blizzard's safekeeping."
According to a press release posted on Blizzard's website on August 4, 2012, hackers infiltrated the company's internal network and obtained account information for players on Battle.net's North American servers, which includes gamers in North America, Latin America, Australia, New Zealand, and Southeast Asia.
"The bottom line," says Bates, "is that Blizzard should not be passing the costs of basic account security on to consumers after selling them these games. They need to be honest if they're going to saddle people with additional costs. They need to be up front about the level of protection
they will provide to their customers, and they cannot be negligent in maintaining proper security protocols."
The case is titled Benjamin Bell et al v. Blizzard Entertainment Inc. et al (Case No. 12-cv-09475).
Plaintiffs in the suit include any U.S. customer of Blizzard's who purchased one of its products after the company introduced the Battle.net authenticator, along with any U.S. customer who had an active Battle.net account during the data breach occurring on or about August 4, 2012.

This article was originally published on Joystiq.