Blizzard Responds to Lawsuit Over Authenticators

[Neve12ende12]

[citation][nom]stevelord[/nom]Blizzard does have an SMS feature that is separate from the authenticator...........[/citation]

So I have to pay $0.99 everytime or I want to log in or $20 a month for a text messaging plan?

 

[stevelord]

Next you're going to whine about being forced to provide phone numbers for services and accounts in every industry.....


It's OPTIONAL. Just like common sense.

 

[-Fran-]

From all the years playing WoW (left in mid Cata), I have never ever used any "Authenticator" and never got my account hacked or stolen.

Blizzard does provide enough security and as they correctly say, this is an additional, BUT OPTIONAL measure.

This lawsuit is a cheap shot at Blizzard and it will fail hard.

Cheers!

 

[Cazalan]

Class action lawsuits like this are a waste of everyone's time and money.

Lawyers get to legally waste (steal) tax payer money and troll companies. The end users get a few pennies which isn't even worth their time following up on the case or participating at all.

I get a few notices/offers a year on these and it's a waste of a large stack of paper they deliver to your door.

 

[GNCD]

[citation][nom]Neve12ende12[/nom]So I have to pay $0.99 everytime or I want to log in or $20 a month for a text messaging plan?[/citation]

do you get charged for receiving SMS?

 

[spartanmk2]

Ive had my iTunes hacked and the remaining balance of $3.48 drained, but my WoW account of 8 years has not. Wtf.

 

[jaber2]

Anyone blaming the user is an idiot, even after the user clicks on spam and gives up his info for hackers, which is easily fix with a call to support, the issue is blizzard required the authenticator if your accounts that got hacked, so even though you are stupid and got your account hacked several times, they made it a requirement, which means they charged you for something after the purchase of the software.

 

[shqtth]

[citation][nom]Thomas Creel[/nom]This is just silly, a lawsuit?What is wrong with people.[/citation]


majority of people are born retarded.

 

[valkain]

[citation][nom]jaber2[/nom]Anyone blaming the user is an idiot, even after the user clicks on spam and gives up his info for hackers, which is easily fix with a call to support, the issue is blizzard required the authenticator if your accounts that got hacked, so even though you are stupid and got your account hacked several times, they made it a requirement, which means they charged you for something after the purchase of the software.[/citation]

This is an OPTIONAL PHYSICAL Device.

Do you tell your Car Dealer I'm paying for the car, I should get free gps tracking, free car alarm and a free extra lock? Any dealer that gives it away "free" pads the expense elsewhere. Frankly, buying a full with an all options packaged car valued at $45,000 won't be sold to you for $10,000. (Although such a legitimate dealer does exist in the US, please let me know)

Do you stupid people walk down to the Home Depot and tell the salesman they need a physical lock, for free, and that Home Depot should install it for free as well?

Blizzard offers a FREE OPTIONAL SERVICE. YES I SAID FREE. F R E E, FREE

Do you have a smart phone? Great here is a FREE Software Authenticator!
No Smart Phone? Do you have an SMS Capable Device? Here you go! Please don't forget to check with your Phone Carrier with regards to any potential charges for texting.

Do you not have either? Well Blizzard still wants to give you an opportunity to safe guard your accounts in case your your computer gets compromised. Blizzard has a physical authenticator sold by Vasco for you. Blizzard tried to get them to provide us with free equipment but Vasco said no. For some reason other business don't want to provide Blizzard or their customers with freebies, But Blizzard talked Vasco into giving YOU a BULK DISCOUNT RATE! But wait! Blizzard saved you the trouble of setting up a business account with Vasco and requiring you to buy 10,000 units at a time. Blizzard instead setup a business account on your behalf, and bought 10,000 units at a time to supply thousands of other people wanting a physical authenticator! So you only need to pay Vasco $6.50 by funneling it through your Blizzard Account!

You STILL don't want an Authenticator? Sure no problem you don't need to get one Just please bear in mind if your pc gets compromised, you will need wait in line with the dozen of other people that got their pc infected. Don't worry though, our team of GM's will recover your account for free once your turn comes up. Excuse me? No I'm sorry, we do not deal with Nigerian Prince or Princess, Blizzard cannot help you setup bank transfers.

 

[joebakb]

[citation][nom]No anonymous posting so I need to f[/nom]Bull, I ignore all spam mail and yet my battle.net account was hacked when I hadn't used it for months.[/citation]

There are other avenue's to get infections than mail and infections can most definitely steal any account credentials that you have entered online. You can get infected in some instances by just visiting websites (Drive-by) if you don't have up-to-date windows patches, java, flash, anti-virus/anti-malware, etc. Your favorite sites can even infect you through their ad network and not even be aware of it for some time (which is why I also use ad blocker plus). Honestly, who can't afford a ONE TIME $6.50 cost to protect you while you are paying $15 per month for a subscription-based game? If you say you can't, you are probably either lying, lazy or too proud of yourself and your 'skillz'.

I think that this lawsuit is retarded, but also that Blizzard should just fork over authenticators to all their customers. It'll likely save them money in the long-run on customer service anyway.

With that said, if you own a game that has an authenticator available and you make more than $0.50 per hour do yourself a favor and buy one (or get the phone ap).

 

[mstngs351]

[citation][nom]jaber2[/nom]Anyone blaming the user is an idiot, even after the user clicks on spam and gives up his info for hackers, which is easily fix with a call to support, the issue is blizzard required the authenticator if your accounts that got hacked, so even though you are stupid and got your account hacked several times, they made it a requirement, which means they charged you for something after the purchase of the software.[/citation]

No they didn't force people to buy the authenticator. Your entire statement is patently false.

 

[raytseng]

Misleading title.

How is it "Bogus" The lawsuit itself seems to be very real;

Now the claims of the lawsuit maybe found to be untrue, but it's a real lawsuit that was filed right?


Many people are mad at Blizzard, for Diablo3, that they are willing to extract their pound of flesh of recompense one way or another.

Even if it's a nuisance lawsuit, it's still a "real" lawsuit, that forced Blizzard's lawyers to do work and file a response.

 

[wildkitten]

For those who keep saying that this is about people who click bad links in emails or ads, this is not what the lawsuit is about. It's about the times Blizzard got hacked, especially back in May, when many details were stolen about customers. Shortly after that hack, people who had smartphone authenticators noticed their accounts were being hacked though things on their end were secure and their authenticators were active. Blizzard at first denied this massive increase in hacking but a couple weeks later finally admitted that a large number of accounts, even ones with authenticators, were being hacked.

The problem with software based authenticators is they can be spoofed unlike hardware ones. The dongle ones are reliant on their time chip that and is the reason that the battery can not be changed in them as it would throw the timing off. However, the software smartphone authenticators can be spoofed once the serial number or other information is known.

What the lawsuit is dealing with is Blizzard's lack of security on their end protecting customer information, as well as smartphone authenticator information, in the Blizzard database.

 

[wildkitten]

[citation][nom]valkain[/nom]This is an OPTIONAL PHYSICAL Device.Do you tell your Car Dealer I'm paying for the car, I should get free gps tracking, free car alarm and a free extra lock? Any dealer that gives it away "free" pads the expense elsewhere. Frankly, buying a full with an all options packaged car valued at $45,000 won't be sold to you for $10,000. (Although such a legitimate dealer does exist in the US, please let me know)Do you stupid people walk down to the Home Depot and tell the salesman they need a physical lock, for free, and that Home Depot should install it for free as well?Blizzard offers a FREE OPTIONAL SERVICE. YES I SAID FREE. F R E E, FREEDo you have a smart phone? Great here is a FREE Software Authenticator!No Smart Phone? Do you have an SMS Capable Device? Here you go! Please don't forget to check with your Phone Carrier with regards to any potential charges for texting.Do you not have either? Well Blizzard still wants to give you an opportunity to safe guard your accounts in case your your computer gets compromised. Blizzard has a physical authenticator sold by Vasco for you. Blizzard tried to get them to provide us with free equipment but Vasco said no. For some reason other business don't want to provide Blizzard or their customers with freebies, But Blizzard talked Vasco into giving YOU a BULK DISCOUNT RATE! But wait! Blizzard saved you the trouble of setting up a business account with Vasco and requiring you to buy 10,000 units at a time. Blizzard instead setup a business account on your behalf, and bought 10,000 units at a time to supply thousands of other people wanting a physical authenticator! So you only need to pay Vasco $6.50 by funneling it through your Blizzard Account! You STILL don't want an Authenticator? Sure no problem you don't need to get one Just please bear in mind if your pc gets compromised, you will need wait in line with the dozen of other people that got their pc infected. Don't worry though, our team of GM's will recover your account for free once your turn comes up. Excuse me? No I'm sorry, we do not deal with Nigerian Prince or Princess, Blizzard cannot help you setup bank transfers.[/citation]
And what do you do when someone hacks into Blizzard's servers and steals the information needed to spoof the smartphone authenticators as well as other information needed?

See, this is where so many of you are missing the point. This isn't about the ones foolish enough to click bad links in emails or go to gold selling web sites.

 

[Guest]

Some Blizzard game features require you to have an authenticator. D3 RMAH comes to mind. This information is not documented on the Retail Box or on the digital store.

 

[valkain]

[citation][nom]wildkitten[/nom]And what do you do when someone hacks into Blizzard's servers and steals the information needed to spoof the smartphone authenticators as well as other information needed?See, this is where so many of you are missing the point. This isn't about the ones foolish enough to click bad links in emails or go to gold selling web sites.[/citation]

Those are two SEPERATE ISSUES. Server security is Blizzards responsability. If people's accounts got hacked through a fault in Blizzards security, that's their responsibility to address. It is no different than how a bank takes steps to deter and prevent bank robberies but cannot guarantee you they will never be held up at gun point.

The Authenticator is protection from the USER side. Say someone rigged with an extra device to read any swiped cards and there is a hidden camera nearby reading your pin. Guess what its your fault for not checking the atm wasn't tampered with. Now someone can go empty your bank account. The banks will not catch that in time to protect you. (That can be a real issue btw with an atm, I'm not making this up, go google it). Now imagine if you had a little device where you had to enter in an extra set of random number before you use the atm. The thief can use your pin and your debit all day long and it will not work without that extra set of numbers.


This lawsuit is trying to claim your forced to buy USER PC PROTECTION for a SERVER SIDE Vulnerability. Two SEPARATE ISSUES. If someone wants to class action lawsuit that Blizzard did not secure their server that is one thing, I won't argue that. To claim Blizzard is forcing you to buy security for YOUR PC to prevent THEIR SERVER from being hacked is a complete disconnect on how security functions on so many levels.

An authenticator WILL NOT prevent the server from being hacked. An authenticator WILL HELP prevent your account from being accessed if YOU get compromised.

 

[oxiide]

[citation][nom]Neve12ende12[/nom]So I have to pay $0.99 everytime or I want to log in or $20 a month for a text messaging plan?[/citation]
Heh, I think in that case paying the one-time $6.40 for a keychain authenticator makes a bit more sense. Or you could just opt out of the optional authenticator system and keep your computer clean instead.

Or, hey, there's always class-action lawsuits. Whatever you feel is easier.

 

[wildkitten]

[citation][nom]valkain[/nom]Those are two SEPERATE ISSUES. Server security is Blizzards responsability. If people's accounts got hacked through a fault in Blizzards security, that's their responsibility to address. It is no different than how a bank takes steps to deter and prevent bank robberies but cannot guarantee you they will never be held up at gun point.The Authenticator is protection from the USER side. Say someone rigged with an extra device to read any swiped cards and there is a hidden camera nearby reading your pin. Guess what its your fault for not checking the atm wasn't tampered with. Now someone can go empty your bank account. The banks will not catch that in time to protect you. (That can be a real issue btw with an atm, I'm not making this up, go google it). Now imagine if you had a little device where you had to enter in an extra set of random number before you use the atm. The thief can use your pin and your debit all day long and it will not work without that extra set of numbers.This lawsuit is trying to claim your forced to buy USER PC PROTECTION for a SERVER SIDE Vulnerability. Two SEPARATE ISSUES. If someone wants to class action lawsuit that Blizzard did not secure their server that is one thing, I won't argue that. To claim Blizzard is forcing you to buy security for YOUR PC to prevent THEIR SERVER from being hacked is a complete disconnect on how security functions on so many levels.An authenticator WILL NOT prevent the server from being hacked. An authenticator WILL HELP prevent your account from being accessed if YOU get compromised.[/citation]
Exactly, server security is Blizzard's responsibility. Did you read this article you commented on? It says specifically...

The lawsuit specifically points out two recent security instances which took place in May and then in August, both in 2012, which led to the theft of private information, and that Blizzard didn't properly alert customers about the latter incident

This lawsuit isn't about people suing Blizzard because they were stupid enough to click a gold sellers link in an email. This has to do with Blizzard being hacked and information stolen and Blizzard being slow to do anything.

As for as authenticators being user side, sorry, not in the case of the smartphone app. All the information needed to spoof the software based authenticators can be taken from Blizzard's servers. A hacker doesn't need anything from the user. Do you think it was really all those users faults that a HUGE amount of them got their accounts hacked immediately after May's incident? If so, why weren't they users of the physical authenticator?

And since the software authenticator seems to be compromised on Blizzard's end, then yes, a person needs to get the physical one to be more secure. And if you think they really sell it at cost, you don't know much about these devices. The dongle Blizzard uses is one that has been out for years. It's the simple one, and costs Blizzard maybe a dollar or more per unit in the bulk they buy them in.

Maybe if Blizzard didn't at first deny the massive account hacks and stolen customer information only to have to admit it weeks later, they wouldn't find themselves in this mess.

 

[nicodemus_mm]

[citation][nom]thecolorblue[/nom]explain yourself.as for my comment... Blizzard claiming that there is a free alternative cannot count as a legitimate explanation BECAUSE the alternative has a prerequisite... namely ownership of a qualified device. Not everyone owns such devices, therefore the attempt to slime by with that explanation as an excuse falls flat on its face.They'd be better off not proffering that excuse at all.[/citation]

Brilliant. You forgot the prerequisite of having to subscribe to the game or have an internet connection or a PC. Also a myriad of other factors... like food, water, etc. I've heard the saying that "nothing is free" but yours is the only logic that seriously attempts to validate that statement. Better that Blizzard had not offered the app? or the authenticator? How about just shut down WoW? If someone gives you a free meal are they also required to eat it for you so you don't have to expend the energy to do so?

ActiBlizzard developed the app and provides it free of cost to anyone to use. The act of doing so without additional fees for said app is what is meant by free. Requiring that they also provide the device and network coverage to use said app is a failure of common sense or an entitlement complex... though the latter requires the former so it's probably the most accurate.

 

[accolite]

the physical $6.40 version is merely an optional accessory for those who can't/won't use the apps

I don't want to install a damn app and I don't want to pay? So I guess I'm screwed by them then?

 

[nicodemus_mm]

[citation][nom]accolite[/nom]I don't want to install a damn app and I don't want to pay? So I guess I'm screwed by them then?[/citation]

Assuming you're not trolling:

TL;DR: No. The only one doing the screwing is you.

Based on your second question I have to assume that you either
A) assume there's no security without the magic doo-dads (which is incorrect) and/or
B) you're incompetent and are afraid you're going to cry havoc and let slip the the passwords of WoW.

You have been provided additional methods to obtain additional security on top of the existing system, yet you CHOOSE not to use those methods. That CHOICE is yours alone. ActiBlizzard has as decent base level of security with no additional cost or effort. This assumes the end-users (players) possess the common sense necessary to maintain password integrity on their end. Lack of said common sense and being lazy or cheap are problems for the end-users, not ActiBlizzard.

This isn't in response to accolite specifically, just in general:
Considering the money that people throw at their games anyway, I really don't understand the issue. If money is really that tight and you HAVE to play WoW, D3, whatever; unsub for a month and use the money to buy an authenticator... with cash to spare on a book about financial planning or maybe a meal out.
If it's out of principle... wow, not WoW, just... wow. I don't know what principles can defend most of these complaints. If it's an attempt to "stick it to the man", way to go! After throwing cash in "the man's" face for these games I'm sure refusal to buy a device or use an app is really going to drive the point home.
Speaking of cash... if the point is financial it's really up to the end-user to determine if the greatly added security is worth the cost. Risk versus reward. Risk those accounts and the countless effort they represent for a reward of less than $7 USD.