Blizzard sued over security concerns, "deceptive upselling"
Posted on 12 November 2012.
Blizzard, the developer of popular online games such as World of Warcraft and Diablo, has been hit with a class action lawsuit claiming that the company engages in "deceptive upselling" by not making it clear to the customers buying the games that they will also be required to buy the Blizzard Authenticator in order to keep their accounts safe.

Benjamin Bell, the plaintiff heading the suit, also alleges that the company has "failed to maintain adequate levels of security for its customers, time and again, which led to a significant loss of private data in Blizzardís safekeeping."

He's seeking damages and wants the court to issue an injunction to stop the company from requiring players to sign up for a account in order to play the purchased games.

Blizzard has issued a statement regarding the lawsuit, describing it as "without merit and filled with patently false information."

"The suitís claim that we didnít properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed," they claim.

"The suit also claims that the Authenticator is required in order to maintain a minimal level of security on the playerís account information thatís stored on Blizzardís network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticatorís purpose. The Authenticator is an optional tool that players can use to further protect their accounts in the event that their login credentials are compromised outside of Blizzardís network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."

"Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do," they concluded.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th