Blizzard Sued Over Battle.net Authenticators

 Pages PREV 1 2 3 4 NEXT
 

Ken Sapp:

You are overlooking the fact that Blizzard is not the only company that is pretty much constantly under attack. With so many companies out there that are under attack at any given moment, why is it that Blizzard gets a free pass on its inadequate security measures? Especially if they are going to require a Battle.net account and an always on connection to play the single player portion of their games? I don't have a problem with them offering the authenticators for sale(the hardware does cost something to manufacture after all), but if they are going to make them a necessity for a secure online experience then they should include them in the game box instead of making them a separate purchase which is mildly suggested. In the meantime they need to do far more to beef up their own internal security.

Again, their security is FINE.
The client's isn't.

That's what the authenticator does.
It doesn't improve Blizzard's security at all, it improves the client's, that's where the problem lies.

If you literally give away your login details, what else is there for blizzard to protect?
Cause that's what these "hacks" are.

People give away their log in details, either knowingly (by buy from goldsellers) or unknowingly by getting keylogged.

These people then sell the characters' gear in order to keep the gold selling business flowing.

A steam account is nice to hack, but won't actually give you anything to sell, like in game gold.

I can say this, I can understand where they are coming from with this. I've been a victim of un-recoverable amount of damages three times, to the point where I don't see much use in trying to protect things anymore. I understand that WoW is a huge target, but their security system is *god awful* and is partially why I stopped playing.

That being said, I'm thinking the people bringing the suit are going to have a hard time proving that the security holes were *intentional* like the suit seems to imply. That's a pretty damn tall order.

Ranorak:

Crono1973:

Ranorak:

Of course not, WoW is huge, why pick other (smaller) markets when there is the behemoth called Blizzard.

Big company, lots of vultures.

I think Steam is pretty big too, never had any type of problems with them. Bank of America is pretty damn big too but once again, no problems with them.

Blizzard wants to force every game online as a DRM measure but they lack the ability to protect the accounts without an authenticator.

Again, the "hacks" are ALWAYS at the side of the CLIENT!

If I were to ask you in a mail to give me your bank account details, and you did.
Would you say that Bank of America has poor security? Cause 9 out of 10 cases this is what happens with Blizzard "hacks".

Notice how I keep saying "hacks" cause they're not hacks at all.

As for why Steam has less problems, I don't know. I'm sure they have their fair share of compromised accounts as well.

The compromise is not always on the users side, that's a common source but not the only one. Also blizzard has been hacked and had info stolen, they informed the public however the fact remains that their not securing their system adequately, esp considering their clearly a target. Another point, to your previous post, if someone's account is compromised by malicious software from the blizzard website then they are responsible for not securing it correctly. They should provide the authenticators for free (preferably in the game box) as its clear there's an issue. My bank gave me one for free, if a bank can be that generious then it says something for blizzards greed.

Ranorak:

Ken Sapp:

You are overlooking the fact that Blizzard is not the only company that is pretty much constantly under attack. With so many companies out there that are under attack at any given moment, why is it that Blizzard gets a free pass on its inadequate security measures? Especially if they are going to require a Battle.net account and an always on connection to play the single player portion of their games? I don't have a problem with them offering the authenticators for sale(the hardware does cost something to manufacture after all), but if they are going to make them a necessity for a secure online experience then they should include them in the game box instead of making them a separate purchase which is mildly suggested. In the meantime they need to do far more to beef up their own internal security.

Again, their security is FINE.
The client's isn't.

That's what the authenticator does.
It doesn't improve Blizzard's security at all, it improves the client's, that's where the problem lies.

If you literally give away your login details, what else is there for blizzard to protect?
Cause that's what these "hacks" are.

People give away their log in details, either knowingly (by buy from goldsellers) or unknowingly by getting keylogged.

These people then sell the characters' gear in order to keep the gold selling business flowing.

A steam account is nice to hack, but won't actually give you anything to sell, like in game gold.

Totally agree, people need to get their facts right, Blizz has awesome security server side, only one major hack in its life time, that's actually a really good track record, its all the people out there who think they dont need Anti virus, giving you account details out is a smart thing to do and dont know the difference between a 'hack' and them being lax on THEIR computer security.

RicoADF:

Ranorak:

Crono1973:

I think Steam is pretty big too, never had any type of problems with them. Bank of America is pretty damn big too but once again, no problems with them.

Blizzard wants to force every game online as a DRM measure but they lack the ability to protect the accounts without an authenticator.

Again, the "hacks" are ALWAYS at the side of the CLIENT!

If I were to ask you in a mail to give me your bank account details, and you did.
Would you say that Bank of America has poor security? Cause 9 out of 10 cases this is what happens with Blizzard "hacks".

Notice how I keep saying "hacks" cause they're not hacks at all.

As for why Steam has less problems, I don't know. I'm sure they have their fair share of compromised accounts as well.

The compromise is not always on the users side, that's a common source but not the only one. Also blizzard has been hacked and had info stolen, they informed the public however the fact remains that their not securing their system adequately, esp considering their clearly a target. Another point, to your previous post, if someone's account is compromised by malicious software from the blizzard website then they are responsible for not securing it correctly. They should provide the authenticators for free (preferably in the game box) as its clear there's an issue. My bank gave me one for free, if a bank can be that generious then it says something for blizzards greed.

1) they were hacked, ONCE, no info was stolen and no accounts were compromised.

2)It's not the official blizzard sites that get targeted, it's fan-sites (HUUUUGE popular fan-sites like WoWhead and Wowwiki)

3)You mean like the free one for phones, yeah real greedy.
Or you mean the one that costs 10 euro, with a free in-game pet. Where all costs goes directly to the authenticator's producer and none to blizzard, again, real greedy.

Ranorak:

RicoADF:

Ranorak:

Again, the "hacks" are ALWAYS at the side of the CLIENT!

If I were to ask you in a mail to give me your bank account details, and you did.
Would you say that Bank of America has poor security? Cause 9 out of 10 cases this is what happens with Blizzard "hacks".

Notice how I keep saying "hacks" cause they're not hacks at all.

As for why Steam has less problems, I don't know. I'm sure they have their fair share of compromised accounts as well.

The compromise is not always on the users side, that's a common source but not the only one. Also blizzard has been hacked and had info stolen, they informed the public however the fact remains that their not securing their system adequately, esp considering their clearly a target. Another point, to your previous post, if someone's account is compromised by malicious software from the blizzard website then they are responsible for not securing it correctly. They should provide the authenticators for free (preferably in the game box) as its clear there's an issue. My bank gave me one for free, if a bank can be that generious then it says something for blizzards greed.

1) they were hacked, ONCE, no info was stolen and no accounts were compromised.

2)It's not the official blizzard sites that get targeted, it's fan-sites (HUUUUGE popular fan-sites like WoWhead and Wowwiki)

3)You mean like the free one for phones, yeah real greedy.
Or you mean the one that costs 10 euro, with a free in-game pet. Where all costs goes directly to the authenticator's producer and none to blizzard, again, real greedy.

If their going to require online accounts for games like star craft and Diablo then they should be required to provide an authenticator (especially when a lot of us just want to play SP/LAN MP. I don't care about WoW but since there's an issue once again they should provide the authenticator for free to those without smart phones. They make enough, regardless of weather they make money off the authenticator, they do make money off the game and thus they should provide the extra security for those without smart phones.

edit: note it doesn't have to be a physical one like what they have, an email based one like steam but sent on every login would work too.

RicoADF:

Ranorak:

RicoADF:

The compromise is not always on the users side, that's a common source but not the only one. Also blizzard has been hacked and had info stolen, they informed the public however the fact remains that their not securing their system adequately, esp considering their clearly a target. Another point, to your previous post, if someone's account is compromised by malicious software from the blizzard website then they are responsible for not securing it correctly. They should provide the authenticators for free (preferably in the game box) as its clear there's an issue. My bank gave me one for free, if a bank can be that generious then it says something for blizzards greed.

1) they were hacked, ONCE, no info was stolen and no accounts were compromised.

2)It's not the official blizzard sites that get targeted, it's fan-sites (HUUUUGE popular fan-sites like WoWhead and Wowwiki)

3)You mean like the free one for phones, yeah real greedy.
Or you mean the one that costs 10 euro, with a free in-game pet. Where all costs goes directly to the authenticator's producer and none to blizzard, again, real greedy.

If their going to require online accounts for games like star craft and Diablo then they should be required to provide an authenticator (especially when a lot of us just want to play SP/LAN MP. I don't care about WoW but since there's an issue once again they should provide the authenticator for free to those without smart phones. They make enough, regardless of weather they make money off the authenticator, they do make money off the game and thus they should provide the extra security for those without smart phones.

Why?

I feel like a broken record for saying this, but it's not blizzard's fault.
In the end, a bank is guarding REAL money, not fake in-game gold.
In your Blizzard account gets hacked, you're annoyed, if your bank account gets "hacked" you're possibly screwed for life.

I don't see why an entertainment company has to hand out free stuff, just because most users give away their security details?

Could they? Yes, probably. They'd make a small loss every time they do.
Should they? No, Blizzard already does enough Charity and is in no way obligated to protect people who can't protect them selves.

Shaidz:

Ranorak:

Ken Sapp:

You are overlooking the fact that Blizzard is not the only company that is pretty much constantly under attack. With so many companies out there that are under attack at any given moment, why is it that Blizzard gets a free pass on its inadequate security measures? Especially if they are going to require a Battle.net account and an always on connection to play the single player portion of their games? I don't have a problem with them offering the authenticators for sale(the hardware does cost something to manufacture after all), but if they are going to make them a necessity for a secure online experience then they should include them in the game box instead of making them a separate purchase which is mildly suggested. In the meantime they need to do far more to beef up their own internal security.

Again, their security is FINE.
The client's isn't.

That's what the authenticator does.
It doesn't improve Blizzard's security at all, it improves the client's, that's where the problem lies.

If you literally give away your login details, what else is there for blizzard to protect?
Cause that's what these "hacks" are.

People give away their log in details, either knowingly (by buy from goldsellers) or unknowingly by getting keylogged.

These people then sell the characters' gear in order to keep the gold selling business flowing.

A steam account is nice to hack, but won't actually give you anything to sell, like in game gold.

Totally agree, people need to get their facts right, Blizz has awesome security server side, only one major hack in its life time, that's actually a really good track record, its all the people out there who think they dont need Anti virus, giving you account details out is a smart thing to do and dont know the difference between a 'hack' and them being lax on THEIR computer security.

Do either of you work for Blizzard? I'm just wondering since you seem to have such intimate details about how "awesome" their server-side security is, to know for a fact that "all hacks" are client-side. As an IT professional I know that there is no such thing as perfect security and every system gets hacked eventually. Thinking that a system as large and attractive as Blizzard's has a perfect record is naive.

If their first response to any security question of incident is to say get an authenticator and they require an online account to use software which should have no need of it, then they should be included in the package. And if I recall correctly the first hacks of Diablo III accounts was accomplished in-game to people who did not disable public games, hardly a client-side hack when it was the default behavior. Its been a while so I don't remember all the details.

There are plenty of services that manage to provide adequate security on a daily basis. There are libraries of information for secure networks and accounts. Surely Blizzard makes enough money off of its games sales and subscriptions to pay for few developers to secure their systems.

I did not say it before, but I will now. IMO the lawsuit deserves to fail as Blizzard also offers email and SMS authentication IIRC. Regardless, there are a few methods Blizzard could implement tomorrow to improve its account security strength, most notably making passwords case-sensitive.

I have my own opinions on this whole situation, but I'm going to keep them to myself for now. Seeing as tempers seem rather heated on the topic.

However, I must point out the inaccuracies of two things that some Blizzard fans are saying.

Firstly, this:

Of course not, WoW is huge, why pick other (smaller) markets when there is the behemoth called Blizzard.

Big company, lots of vultures.

...is a very poor excuse for flimsy security measures. There are other software "markets" just as big as, if not larger than, the IPs of Blizzard. Yet, you don't see them essentially requiring "authenticators" to keep your accounts safe.

Secondly, to all those saying you can get a "free" authenticator app for your smart-phone, you're forgetting one thing. Blizzard themselves will tell you that the "free" authenticator isn't as good at safeguarding your account as the physical dongle version.

I had a WoW account for 4 years. Same user name, same password, same email. Never had a single problem - not even a single phishing scam email. Then I quit for a while, got a new, better computer, and the first thing I did after getting it set up and cleaning the pre-loaded garbage and installing my anti-virus/adware/pop-up blocker, script blocker, etc and doing a scan was re-install and resub to WoW. I was forced to convert it to a Battle.net account to come back. I had no key-logs, I responded to no obviously fake emails or visited any 3rd party sites. I was hacked the next day, my email account started getting flooded (50+ emails a day) with spam, and I was then told to get an authenticator.

I wish I knew about this suit.

Sylveria:

Ranorak:

Crono1973:

I think Steam is pretty big too, never had any type of problems with them. Bank of America is pretty damn big too but once again, no problems with them.

Blizzard wants to force every game online as a DRM measure but they lack the ability to protect the accounts without an authenticator.

Again, the "hacks" are ALWAYS at the side of the CLIENT!

If I were to ask you in a mail to give me your bank account details, and you did.
Would you say that Bank of America has poor security? Cause 9 out of 10 cases this is what happens with Blizzard "hacks".

Notice how I keep saying "hacks" cause they're not hacks at all.

As for why Steam has less problems, I don't know. I'm sure they have their fair share of compromised accounts as well.

Guess were just gonna pretend that the PSN hack never happened. Not to mention the Steam one a few months back.

Hacks happen, some are client side, some aren't. Stop blaming the victim you mindless Blizzard fan-boy. I imagine you're one of these types that think rape victims were asking for it to.

Dude, that isn't cool, there is a huge differences between personal safety and making sure your anti virus is up to date -_-".

A main point in this argument is that, i would bet 99% of the time, accounts that are compromised and done so from the client end and NOT the server end. Thus it is the customers responsibility to make sure THEIR computer is secure or would you have blizz not let you log on unless you have a working anti virus, firewall and what not? Blizz have a good number of security options, i would say my battle.net account has more security attached to it than my bank account does -_-". So in the end this lawsuit has nothing to stand on and if i were the judge would throw it out the window, along with the plaintiff - along with a few Zerg and a murloc, in case the fall failed to knock sense into the guy.

DrunkOnEstus:
I really don't see how it's the customer's fault if a hack occurs. If Blizzard insists that everyone who plays Diablo 3 has to make an account and be online/connected to their servers, doesn't it fall on them to ensure that their players' information is safe? If they are going to make it mandatory that I give them personal information, they damn well better be taking steps to secure the information on their end, because this kind of shit happens no matter what your password is if someone straight up hacks battle.net.

This suit is valid. Blizzard does not warn or advise anyone that their account isn't "truly" secure unless they have a smartphone or give them 6 bucks for a USB stick. They didn't make it at all clear before this that you can't use the RMAH unless you have a smartphone or give them 6 bucks. This suit is about Blizzard pushing the cost of one of their duties down to the consumer and profiting off of it. Please stop accepting this kind of crap and thinking it's totally cool. Nobody should demand personal information and refuse to keep it secure unless unspoken conditions are met.

The authenticators prevent the "Hack" from occurring at the end of the users PC by adding an extra layer of login information that can't be picked up or replicated by keyloggers. The "cost" and "Duty" of securing their personal computer or workstation is the users. Not the game company's. It's that simple. The authenticator is a tool to help secure your account should your personal security be lax or fail.

Authenticators are an optional personal protection mechanism. Not unlike your Anti Virus software or other reasonable protections you the user choose to put in place. Further authenticators are available for free. As others have pointed out the mobile and landline phone versions are free.

Once again, if an authenticator is coming into play, then the user has failed. Not the game company. The players computer has become infected with a keylogger or malware.

The physical "keyfob" authenticators that Blizzard offers are VASCO Digipass devices. Blizzard offers them at cost. The $6 you pay is what it costs Blizzard to buy the device wholesale and mail it to you. There is no profit or margin on them. If anything they may take a very slight loss.

NLS:
It's optional. If you can't keep your own account safe, then you deserve it.

I agree. This lawsuit is foolish.

I thought the authenticators was a cool move by Blizzard.

Now my cellphone makes my account so safe that I never worry about it. I didn't have to pay them a dime.

I wish ALL services had authenticator options >: (.

Shaidz:

Dude, that isn't cool, there is a huge differences between personal safety and making sure your anti virus is up to date -_-".

In some ways I blame the last election for rape replacing calling everything Nazis.

Now its like "You don't want cream in your coffee? You must be cool with rape then."

Disappointing.

Well, the authenticator is free, so long as you have a platform that can use 'apps'. On top of that, an authenticator is an optional additional security measure. Its like they are charging protection money, they charge a fee for the physical item you use to authenticate (the service is free since the app, a non-physical interface, is free is free) that helps add security. This is so frivolous.

Ranorak:
-snip-

Yep, a classic case of PEBKAC. Fun thing is that the users don't even know they are the problem, not Blizz security, like the guy here saying his Diablo account got hacked and thinks it was server side, or all that BS about accounts in diablo being hacked by joining a MP game. Blizz level of security is honestly impressive, they have survived several hacking attempts and a bunch of pro DoS attacks giving zero usable info to the attackers and almost no downtime, which puts them historically ahead of the Department of Defense and not even in the same league as Sony or Microsoft.

Anyway I don't care at all about Activision/Blizz, they are just a company for me and have only one game i love, SC II, and they seem to be doing fine with it; but this is totally bonkers, like leaving your front door open when you go to work and then suing the locksmith brand for getting robbed.

You know, I wonder: Was Blizzard always like that and it just wasn't as noticeable when they weren't as large and successful yet? Or did they change so much, especially since WoW? I mean, a lot of people left, Activision bought them if I remember correctly... so I'm thinking it's the latter, but I'm just not sure. Don't make always-online a requirement if you can't ensure it won't cause problems like these. Hell, just don't make always-online a requirement, okay?

DrunkOnEstus:
I really don't see how it's the customer's fault if a hack occurs. If Blizzard insists that everyone who plays Diablo 3 has to make an account and be online/connected to their servers, doesn't it fall on them to ensure that their players' information is safe? If they are going to make it mandatory that I give them personal information, they damn well better be taking steps to secure the information on their end, because this kind of shit happens no matter what your password is if someone straight up hacks battle.net.

This suit is valid. Blizzard does not warn or advise anyone that their account isn't "truly" secure unless they have a smartphone or give them 6 bucks for a USB stick. They didn't make it at all clear before this that you can't use the RMAH unless you have a smartphone or give them 6 bucks. This suit is about Blizzard pushing the cost of one of their duties down to the consumer and profiting off of it. Please stop accepting this kind of crap and thinking it's totally cool. Nobody should demand personal information and refuse to keep it secure unless unspoken conditions are met.

Blizzard isn't the one getting hack, they'd announce it if they ever were.
It's the consumer who's allowing their log in details to be keylogged client side that's the problem.
Back when I was playing WoW I got 'hacked' twice (which they restored both times) and bought an authenticator when it came out, it's simply a randomly generated number so it can't be keylogged that confirmed with their log in system that you're the account owner.

Blizzard isn't making money from these authenticators, they're sold at cost,
though they're probably saving money from having to restore fewer accounts.

Blizzard shouldn't have to give these things away for free (as it costs them to make),
it's like demanding the government give you free condoms because we're too incompetent to protect ourselves
(which most of us are, self included)

Skeleon:
You know, I wonder: Was Blizzard always like that and it just wasn't as noticeable when they weren't as large and successful yet? Or did they change so much, especially since WoW? I mean, a lot of people left, Activision bought them if I remember correctly... so I'm thinking it's the latter, but I'm just not sure.

Like what? Is Activision Blizz a fat company milking his franchaises? Yes. Have they done anything innovative in gameplay since they merged in 2008? Not that I remember. Do they have a good game? Well, I love SC 2, but can't think of other...

That said, WTF are you talking about? Blizzard here is doing an amazing job, better than ANYONE else in the industry:

- In 8 years WoW has been hacked once, and that time was caught within hours with not even the possibility of accounts being compromised.

- In this 8 years they have kept an outstanding record in twarting DDoS attacks. The kind of attack that that takes days or weeks for other companies to repel they shut down in hours at most.

- They know some users can't mantain a safe computer or are vulerable to phishing, so they offer a free authenticator or give you a phisical one at no profit for them.

What else do you want? I mean, they might be a shit company, but in this particular issue they are feaking fantastic.

llubtoille:

it's like demanding the government give you free condoms because we're too incompetent to protect ourselves
(which most of us are, self included)

Yeah... well... it wasn't my fault, was the alcohol -.-''

Haha, it's fun that my digital systems are far more secure than my reproductive ones. And excelent methaphor, it IS like the goverment is giving you free condoms and the people complained because it's the fucking goverment's fault that the STD exsist :(

Crono1973:

It's interesting that no other online account I have ever had needed the extra security of an authenticator.

Star Wars the Old Republic offers an Authenticator options as well.

------------------------------

I have an authenticator and have not paid a dime for it. I can't really see how Blizzard is forcing anyone to pay extra to secure their account.

Furthermore The majority of hacked battle.net accounts have nothing to do with Blizzard's ability to safe guard end user information and everything to do with end users' inability to not do stupid shit on the internet and their inability to properly maintain security on their PCs. Everyone should virus scan their computers at least once a week if not more.

Crono1973:

It's interesting that no other online account I have ever had needed the extra security of an authenticator.

gotta agree with this,

and before anyone mentions, no, i don't play WoW or touch anything WoW related, i have and have always had my anti virus software up to date, the only e-mails I ever open are on my school e-mail from my school, and i'm not some old grandpa who can't smell a phishing scam a mile away anyways.

the fact that blizzard requires you to run their game through the battle.net account and has so many user related security problems, i would still call that a problem, as stated by crono I have never had this happen with any other digital account I've ever had, especially steam. And I can say the same for all my friends I know that play SCII/WoW and have steam accounts also.

and as i mentioned in my previous post, i never once played in any public rooms with anyone at all, and i had the game for a week and a half before it was stolen, i really don't think it's coincidence or more probable that it's always the users fault as many of you are saying.

How many other services with accounts (MMOs, Banks, Steam) have, 10 million users, can make a profit, and won't get the federal authorities involved? Not too many. Steam isn't really something worth hacking unless you hack the servers for credit cards, not the accounts themselves, banks would get the police involved in a big way and would get you thrown in jail if caught, and then you have WoW. 10,000,000 people, and if only 1% buy gold (pretty sure it's higher) then you have 100,000 people willing to spend a few bucks for 1000 gold. Last I checked, the exchange rate was something like $4 per 1k, $30 for 10k (bulk discount! =D) so if we assume a 50/50 split and that people only buy once a year, then you get $2,000,000 per year. For selling a digital product. That's why it's a major problem for Wow and not other services.

gmaverick019:

Crono1973:

It's interesting that no other online account I have ever had needed the extra security of an authenticator.

gotta agree with this,

and before anyone mentions, no, i don't play WoW or touch anything WoW related, i have and have always had my anti virus software up to date, the only e-mails I ever open are on my school e-mail from my school, and i'm not some old grandpa who can't smell a phishing scam a mile away anyways.

the fact that blizzard requires you to run their game through the battle.net account and has so many user related security problems, i would still call that a problem, as stated by crono I have never had this happen with any other digital account I've ever had, especially steam. And I can say the same for all my friends I know that play SCII/WoW and have steam accounts also.

and as i mentioned in my previous post, i never once played in any public rooms with anyone at all, and i had the game for a week and a half before it was stolen, i really don't think it's coincidence or more probable that it's always the users fault as many of you are saying.

I don't know if you know this but people don't hack WoW accounts cause they want to play WoW. They hack them so they can sale everything on the account for in game gold then steal all the gold on the account so that they can then sell that gold to players who buy it. Comparing it to Steam is a poor arguement cause there is nothing on Steam that you can make a relatively quick get away with.

WoW is a target cause it is the biggest MMO on the market therefore it has the largest potential gold selling market therefore if is by far more lucrative to hack a WoW then it is to hack an account from pretty much every other MMO in existence.

People are not hacking battle.net accounts for credit card numbers. I can't get more then the last 4 digits of my CC number of my account and neither could anyone that managed to hack it.

Ranorak:

RicoADF:

Ranorak:

1) they were hacked, ONCE, no info was stolen and no accounts were compromised.

2)It's not the official blizzard sites that get targeted, it's fan-sites (HUUUUGE popular fan-sites like WoWhead and Wowwiki)

3)You mean like the free one for phones, yeah real greedy.
Or you mean the one that costs 10 euro, with a free in-game pet. Where all costs goes directly to the authenticator's producer and none to blizzard, again, real greedy.

If their going to require online accounts for games like star craft and Diablo then they should be required to provide an authenticator (especially when a lot of us just want to play SP/LAN MP. I don't care about WoW but since there's an issue once again they should provide the authenticator for free to those without smart phones. They make enough, regardless of weather they make money off the authenticator, they do make money off the game and thus they should provide the extra security for those without smart phones.

Why?

I feel like a broken record for saying this, but it's not blizzard's fault.
In the end, a bank is guarding REAL money, not fake in-game gold.
In your Blizzard account gets hacked, you're annoyed, if your bank account gets "hacked" you're possibly screwed for life.

I don't see why an entertainment company has to hand out free stuff, just because most users give away their security details?

Could they? Yes, probably. They'd make a small loss every time they do.
Should they? No, Blizzard already does enough Charity and is in no way obligated to protect people who can't protect them selves.

So they start handing out physical authenticators to every person who buys a boxed version of their games? Then what? Half of the people wouldn't bloody use it, the majority of the other half would lose the damn thing (and with it their ability to log on) and the rest would give up playing the game they got it with in a month, thus creating a lot of wasted hardware for Blizzard to (almost certainly) lose money on...

Over providing the OPTION for costumers to either buy one if they feel it is necessary (often times not) or download a free one on their phone that most people have regardless or get SMS if they don't have a smartphone or IOS device...

Your idea's the better option?

Edit: quoted the wrong person somehow? Meant to be aimed at the guy this guy quoted...

RoBi3.0:

gmaverick019:

Crono1973:

It's interesting that no other online account I have ever had needed the extra security of an authenticator.

gotta agree with this,

and before anyone mentions, no, i don't play WoW or touch anything WoW related, i have and have always had my anti virus software up to date, the only e-mails I ever open are on my school e-mail from my school, and i'm not some old grandpa who can't smell a phishing scam a mile away anyways.

the fact that blizzard requires you to run their game through the battle.net account and has so many user related security problems, i would still call that a problem, as stated by crono I have never had this happen with any other digital account I've ever had, especially steam. And I can say the same for all my friends I know that play SCII/WoW and have steam accounts also.

and as i mentioned in my previous post, i never once played in any public rooms with anyone at all, and i had the game for a week and a half before it was stolen, i really don't think it's coincidence or more probable that it's always the users fault as many of you are saying.

I don't know if you know this but people don't hack WoW accounts cause they want to play WoW. They hack them so they can sale everything on the account for in game gold then steal all the gold on the account so that they can then sell that gold to players who buy it. Comparing it to Steam is a poor arguement cause there is nothing on Steam that you can make a relatively quick get away with.

WoW is a target cause it is the biggest MMO on the market therefore it has the largest potential gold selling market therefore if is by far more lucrative to hack a WoW then it is to hack an account from pretty much every other MMO in existence.

People are not hacking battle.net accounts for credit card numbers. I can't get more then the last 4 digits of my CC number of my account and neither could anyone that managed to hack it.

oh i understand what you mean, and i don't put my CC on their anyways, but that wasn't the exact point I was going for, it was the mere fact of being hacked on a "just because" basis, not based on some fiscal value. And now that you mentioned that, Blizzard has failed on some level if people can get away with that on such a risk free basis, while on steam you're going to have to jump through hoops and hoops to really get away with anything at all. (note: just using steam as an example, not the prime end all be all structure of how it should be)

then again, this is still just slight bitterness of having to be online for diablo III...*sigh* (no I didn't buy the game, it was given as a gift, so if someone is reading don't quote me saying I shouldn't have bought it.)

gmaverick019:

RoBi3.0:

gmaverick019:

gotta agree with this,

and before anyone mentions, no, i don't play WoW or touch anything WoW related, i have and have always had my anti virus software up to date, the only e-mails I ever open are on my school e-mail from my school, and i'm not some old grandpa who can't smell a phishing scam a mile away anyways.

the fact that blizzard requires you to run their game through the battle.net account and has so many user related security problems, i would still call that a problem, as stated by crono I have never had this happen with any other digital account I've ever had, especially steam. And I can say the same for all my friends I know that play SCII/WoW and have steam accounts also.

and as i mentioned in my previous post, i never once played in any public rooms with anyone at all, and i had the game for a week and a half before it was stolen, i really don't think it's coincidence or more probable that it's always the users fault as many of you are saying.

I don't know if you know this but people don't hack WoW accounts cause they want to play WoW. They hack them so they can sale everything on the account for in game gold then steal all the gold on the account so that they can then sell that gold to players who buy it. Comparing it to Steam is a poor arguement cause there is nothing on Steam that you can make a relatively quick get away with.

WoW is a target cause it is the biggest MMO on the market therefore it has the largest potential gold selling market therefore if is by far more lucrative to hack a WoW then it is to hack an account from pretty much every other MMO in existence.

People are not hacking battle.net accounts for credit card numbers. I can't get more then the last 4 digits of my CC number of my account and neither could anyone that managed to hack it.

oh i understand what you mean, and i don't put my CC on their anyways, but that wasn't the exact point I was going for, it was the mere fact of being hacked on a "just because" basis, not based on some fiscal value. And now that you mentioned that, Blizzard has failed on some level if people can get away with that on such a risk free basis, while on steam you're going to have to jump through hoops and hoops to really get away with anything at all. (note: just using steam as an example, not the prime end all be all structure of how it should be)

then again, this is still just slight bitterness of having to be online for diablo III...*sigh* (no I didn't buy the game, it was given as a gift, so if someone is reading don't quote me saying I shouldn't have bought it.)

It is risk free behavior because it is not against the law in most places (if any) to steal virtual gold. Blizzard makes people jump through plenty of hoops I have had to call them to get my account unlocked before because I logged on to WoW while across the country on business they noticed the unusual activity and locked my account until I could prove I was me.

RoBi3.0:

gmaverick019:

RoBi3.0:

I don't know if you know this but people don't hack WoW accounts cause they want to play WoW. They hack them so they can sale everything on the account for in game gold then steal all the gold on the account so that they can then sell that gold to players who buy it. Comparing it to Steam is a poor arguement cause there is nothing on Steam that you can make a relatively quick get away with.

WoW is a target cause it is the biggest MMO on the market therefore it has the largest potential gold selling market therefore if is by far more lucrative to hack a WoW then it is to hack an account from pretty much every other MMO in existence.

People are not hacking battle.net accounts for credit card numbers. I can't get more then the last 4 digits of my CC number of my account and neither could anyone that managed to hack it.

oh i understand what you mean, and i don't put my CC on their anyways, but that wasn't the exact point I was going for, it was the mere fact of being hacked on a "just because" basis, not based on some fiscal value. And now that you mentioned that, Blizzard has failed on some level if people can get away with that on such a risk free basis, while on steam you're going to have to jump through hoops and hoops to really get away with anything at all. (note: just using steam as an example, not the prime end all be all structure of how it should be)

then again, this is still just slight bitterness of having to be online for diablo III...*sigh* (no I didn't buy the game, it was given as a gift, so if someone is reading don't quote me saying I shouldn't have bought it.)

It is risk free behavior because it is not against the law in most places (if any) to steal virtual gold. Blizzard makes people jump through plenty of hoops I have had to call them to get my account unlocked before because I logged on to WoW while across the country on business they noticed the unusual activity and locked my account until I could prove I was me.

okay yeah, it isn't illegal, but that doesn't discern the fact that the person is a douche, if you spent alot of work doing an awesome (and i mean fuckin awesome) side walk chalk drawing for days and someone came by and ruined it via whatever reason, wouldn't you be pretty pissed? they didn't do anything illegal, but they were definitely a douchebag.

fair enough, I just don't see why they don't do that universally for the battle.net accounts, (hate to use steam again, but it works folks) they should make you go through the e-mail via a code you get anytime you log on to a new computer, so your account/game stays safe from hackers that way, and if they can hack both your e-mail and your game account, then yeah, you're either doing something very wrong or they are physically at/by your computer getting the info.

gmaverick019:

RoBi3.0:

gmaverick019:

oh i understand what you mean, and i don't put my CC on their anyways, but that wasn't the exact point I was going for, it was the mere fact of being hacked on a "just because" basis, not based on some fiscal value. And now that you mentioned that, Blizzard has failed on some level if people can get away with that on such a risk free basis, while on steam you're going to have to jump through hoops and hoops to really get away with anything at all. (note: just using steam as an example, not the prime end all be all structure of how it should be)

then again, this is still just slight bitterness of having to be online for diablo III...*sigh* (no I didn't buy the game, it was given as a gift, so if someone is reading don't quote me saying I shouldn't have bought it.)

It is risk free behavior because it is not against the law in most places (if any) to steal virtual gold. Blizzard makes people jump through plenty of hoops I have had to call them to get my account unlocked before because I logged on to WoW while across the country on business they noticed the unusual activity and locked my account until I could prove I was me.

okay yeah, it isn't illegal, but that doesn't discern the fact that the person is a douche, if you spent alot of work doing an awesome (and i mean fuckin awesome) side walk chalk drawing for days and someone came by and ruined it via whatever reason, wouldn't you be pretty pissed? they didn't do anything illegal, but they were definitely a douchebag.

fair enough, I just don't see why they don't do that universally for the battle.net accounts, (hate to use steam again, but it works folks) they should make you go through the e-mail via a code you get anytime you log on to a new computer, so your account/game stays safe from hackers that way, and if they can hack both your e-mail and your game account, then yeah, you're either doing something very wrong or they are physically at/by your computer getting the info.

Will you please explain to me what of value you can get from a Steam account that you can then turn around and sale. Cause I still don't understand why you think steam is similar to Blizzards situation. Simple put how would you monetized hacked Steam accounts in away that it would compare to the profit of hacking WoW accounts. Every WoW has gold not every steam account has stuff setting in its inventory waiting to be stolen. Steam isn't doing anything special.

The only time I ever had trouble with my account security was my own fault. I used curse client to install quest helper and atlas loot, unfortunately there as a keylogger in one of them and my account was hijacked shortly there after. After 5 minutes on the phone, and logging in from a different computer I had full control back and ordered an authenticator. Haven't had a problem since.

I can only assume the plaintiff was careless with his information, or was trying to install mods. Honestly the game is so streamlined now they aren't that necessary anymore.

Neronium:
It's like the Google Help Forums...my god those are terrible "help" forums.

well, google doesnt have forums. what it has is google groups expanded to look liek forum with AWFUL structure.
but to be fair, i used google help forums twice, and both times i was told that what i wanted was impossible. but at least they responded.

Now blizzard really isnt a target for the hate but i guess Diablo 3 brought a lot of hate up for that too. then again authenticators, whatever happened to having a password that noone knows....

personally, i think blizzard is wrong that it does not inform people that you NEED authenticators, but that does not really substitute a class action lawsuit....

Will you please explain to me what of value you can get from a Steam account that you can then turn around and sale. Cause I still don't understand why you think steam is similar to Blizzards situation. Simple put how would you monetized hacked Steam accounts in away that it would compare to the profit of hacking WoW accounts. Every WoW has gold not every steam account has stuff setting in its inventory waiting to be stolen. Steam isn't doing anything special.

a colegue of mine knew a bug in steam that allowed him to "take over" unused accounts. like, hundreds per day. he used to sell those accounts on the web like selling games. but 3 years ago steam has fixed the problem and no more acounts in his pocket. he pretty much lives off the stolen account business though, so its good moeny i guess.

Ken Sapp:

Ranorak:

Crono1973:

It's interesting that no other online account I have ever had needed the extra security of an authenticator.

Of course not, WoW is huge, why pick other (smaller) markets when there is the behemoth called Blizzard.

Big company, lots of vultures.

You are overlooking the fact that Blizzard is not the only company that is pretty much constantly under attack. With so many companies out there that are under attack at any given moment, why is it that Blizzard gets a free pass on its inadequate security measures? Especially if they are going to require a Battle.net account and an always on connection to play the single player portion of their games? I don't have a problem with them offering the authenticators for sale(the hardware does cost something to manufacture after all), but if they are going to make them a necessity for a secure online experience then they should include them in the game box instead of making them a separate purchase which is mildly suggested. In the meantime they need to do far more to beef up their own internal security.

The only sure fire way to keep hackers off your computer is to isolate it from the internet.

If you have a computer, and it's connected to the internet, it can be hacked. Running a multi-billion dollar MMO doesn't make you less susceptible to this.

And it's not a requirement. I've had a battle.net account that could have been considered "valuable" for almost a decade now, going back to my original WoW account- though I suppose people used to get their Diablo 2 accounts hacked too- and not once did I have to deal with being hacked. I practiced what should be common sense internet security practices. This isn't rocket science. If it's on the internet, its not secure, no matter what you do. Even authenticators are hackable. No individual company has the resources to stay ahead of the global hacking community.

9/10ths of this isn't a case. Blizzard isn't responsible for the ineptitude of it's user base when it comes to computer security, and what they have done to address the issue borders on obsessive. Ignoring these authenticators that blizzard pitches at a profit, they're actually one of the nicer companies when it comes to having accounts returned and restored.

The other tenth still isn't Blizzard's responsibility. There's no perfect defense in internet security. They're not being burned at the stake for doing something as stupid as storing consumer data as plain text.

This really is just someone trying to make an easy buck.

Here's an idea... if Blizzard requires all their games to connect to Battle.net and they recommend an "Authenticator" which they don't take any profit from, then have a physical on included in every physical copy sold... simple.

I created an account to post on this one.

As someone who works in IT security, the case is garbage, or at least, isn't tackling the real issue.

From what I understand of the Diablo III accounts getting hijacked, the log on credentials were, more often than not, obtained from Phishing scams or Fan pages, with forums, getting their user databases hacked. Not compromises on Blizzard's end.

Most users use the same email and password for a lot of stuff. If a person uses some random Diablo/WOW fan forum, with terrible security (which is most of them), all the hijacker has to do is, steal (via hacking) user info from that database and hope the user is dumb enough to use the same log on details for Battle.net. The hit rate is pretty damn good.

I've also heard of and seen a number of 'tools' for WOW that have imbedded key loggers.

If the methods I've mentioned above are how someones account is compromised, there is literally nothing Blizzard can do outside of providing the authenticators, which if you buy the physical one, is a freaking bargain.

We use similar tokens where I work, the cost for 1 user license and 1 hardware token is $250 (approx). Blizzard ofter physical tokens for $6.50.

Why do they do this? Because people are not smart enough to follow basic internet security practices, they offer authenticators to cover your mistakes.

PS

Steam has had a number of server side compromises.

PSS

Blizzard's Battle.net service is HEAVILY targeted due the potential $$$$$ that can easily be made by stealing accounts, big dollars to.

If there aren't blizzard employees selling lists of inactive accounts I will eat my own ass.

Meh, I've heard worse things to sue over.

Hope they lose, though, just because I love it every time Blizzard gets kicked in the balls. All the BS revolving around the Diablo 3 launch had me laughing quite merrily. :P

 Pages PREV 1 2 3 4 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Registered for a free account here