Blizzard was sued a few days ago over its use of security authenticators for games like World of Warcraft and Diablo III. The lawsuit alleges that Blizzard willingly and knowingly allowed its security to slack and remain vulnerable to account hijackers for the purpose of selling authenticators, which the lawsuit alleges has earned the company millions in additional profit.
The publisher has since responded to the lawsuit, calling it “without merit and filled with patently false information,” dismissing the case as a frivolous one. Their statement reads as follows:
“The suit’s claim that we didn’t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed.”
“The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player’s Battle.net account information that’s stored on Blizzard’s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose… Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.”
If the original lawsuit is to be understood, it lays the fault of the end-users’ inability to secure their own computers at the foot of Blizzard, which is nothing short of ridiculous. It’s a bit like blaming the weather for getting caught out in the rain.
I should also note that users are completely free to download Blizzard's mobile authenticator for free on the iPhone and Android, so it's not as if the publisher is forcing anyone to purchase the standalone device.
Meanwhile, Nathan Grayson on RPS argues that Blizzard's willingness to cast aside the lawsuit as frivolous "leaves a yucky taste in [his] mouth", to which I would ask: what else would you have them do? It's a lawsuit. If they admit any wrongdoing, any such admission—whether done in the purpose of humility or not—would leave the company vulnerable to litigation. Blizzard would most certainly argue that it does all it can—and more—to secure its products. It's ludicrous to argue that the company wants its users to be vulnerable to hackers and account hijackers.
