Blizzard sued over lax security in Battle.net hacking
Blizzard Entertainment is facing a class action lawsuit for allegedly not doing enough to protect its customers' private information when hackers breached the security of its Battle.net service.
Last August, hackers managed to break into Battle.net -- which is used for the online features of popular Blizzard games like Diablo III
and StarCraft II
-- and steal user data
including email addresses, personal security questions, and information related to the mobile/dial-in authenticators
meant to offer more security to users on the service.
And now lead plaintiff Benjamin Bell is suing Blizzard and its parent company Activision Blizzard, seeking damages for consumer fraud, negligence, unjust enrichment, breach of contract, and bailment, according to a report
from Courthouse News.
The suit takes particular issue with Blizzard "deceptively and unfairly" requiring players to purchase additional products to protect their accounts instead of making its service more secure. Bell claims that Blizzard has made $26 million from sales of its authenticators.
"Defendants negligently, deliberately, and/or recklessly fail to ensure that adequate, reasonable procedures safeguard the private information stored on this website," reads the complaint, which was filed with the California Central District Court.
Bell also says that Blizzard did not take the legally required steps fo alert players that their accounts were compromised. He is seeking class damages and an injunction to prevent Blizzard from requiring users to sign up for Battle.net accounts to play its games, and from requiring after-sale products to enhance customers' security.
Sony also suffered a high-profile security breach last year when hackers stole the private information for millions of PlayStation Network subscribers. Multiple class action suits
have been brought against the company
over its failure to protect users' data.
: Blizzard has responded
to news of the lawsuit, stating that it notified players as quickly as it could about the breach. "Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed," it said.
Regarding Bell's suggestion that the additional products for making a player's account more secure are deceptive, the company stated, "This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator's purpose."
"Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do."]