Blizzard sued over security concerns, “deceptive upselling”

Blizzard, the developer of popular online games such as World of Warcraft and Diablo, has been hit with a class action lawsuit claiming that the company engages in “deceptive upselling” by not making it clear to the customers buying the games that they will also be required to buy the Blizzard Authenticator in order to keep their Battle.net accounts safe.

Benjamin Bell, the plaintiff heading the suit, also alleges that the company has “failed to maintain adequate levels of security for its customers, time and again, which led to a significant loss of private data in Blizzard’s safekeeping.”

He’s seeking damages and wants the court to issue an injunction to stop the company from requiring players to sign up for a Battle.net account in order to play the purchased games.

Blizzard has issued a statement regarding the lawsuit, describing it as “without merit and filled with patently false information.”

“The suit’s claim that we didn’t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed,” they claim.

“The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player’s Battle.net account information that’s stored on Blizzard’s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.”

“Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do,” they concluded.