Blizzard slams lawsuit over player security and sale of Battle.net Authenticators

Blizzard has hit out at a law suit that calls into question the way the company protects player information.

Last week a class action lawsuit accused Blizzard of failing to secure player information in August when it suffered a system breach and, most damning, alleged it committed fraud and unjust enrichment by requiring players buy Battle.net Authenticators.

The class action, which claims Blizzard has made millions selling Authenticator dongles instead of securing user info, was filed by a pair of gamers who allege Blizzard failed to properly secure players' information and required them to buy Authenticators "in order to have even minimal protection for their sensitive personal, private, and financial data”.

Responding to Eurogamer sister site GamesIndustry International, Blizzard said the suit was “without merit” and vowed to defend itself.

"We want to reiterate that we take the security of our players' data very seriously, and we're fully committed to defending our network infrastructure,” reads a statement.

“We also recognize that the cyber-threat landscape is always evolving, and we're constantly working to track the latest developments and make improvements to our defenses.

"The suit's claim that we didn't properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed. You can read our letter to players and a comprehensive FAQ related to the situation on our website.

"The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player's Battle.net account information that's stored on Blizzard's network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator's purpose.

"The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard's network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.

"When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player's login credentials. This helps our systems identify when it's actually the player who is logging in and not someone who might have stolen the player's credentials by means of one of the external theft measures mentioned above, or as a result of the player using the same account name and password on another website or service that was compromised.

“Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.

"Many players have voiced strong approval for our security-related efforts. Blizzard deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit."

Blizzard has had a tough 2012 when it comes to security.

In May, in the wake of the troubled launch of Diablo 3, players reported their accounts had been compromised and in-game items stolen.

At the time Blizzard insisted the Diablo 3 accounts were being compromised through "traditional means" and were being accessed using passwords. All reports the company had investigated were into accounts that did not use its Authenticator.

Then, in August, Blizzard announced that Battle.net - Blizzard's online service that stores personal and financial data for players of games such as Diablo 3 and World of Warcraft - had recently been hacked.