Monday, 12 November 2012

Gamers Sue Blizzard Over Security

Security not guaranteed?

It was a while back that I mentioned that whole thing about Guild Wars 2 being hacked and a lot of accounts being stolen. Of course, when a game draws a huge playerbase people with more dubious intentions are going to want to get in where they shouldn't be. World of Warcraft is no exception to this, even if there hasn't been as many headlining stories about it. Well, it seems that a couple of players (two to be precise) are more than a little upset that Blizzard hasn't taken more proactive steps in ensuring the safety of the accounts of its users.

That would be why they're suing Blizzard.

The two players are alleging that Blizzard's base security features are not up to snuff in terms of protecting the accounts of people that use their games. In a lot of cases when an account is hacked it means losing characters, items or progress, but given that a Battle.net account more often then not also has a credit card attached to it as a means of purchasing games, in-game items, and subscription time when necessary, there could stand to be quite a bit more to lose if the information in said account isn't properly secured.

Now, I'll admit that I'm normally the first to make fun of frivolous and otherwise idiotic lawsuits, but most of the time that's because they're lawsuits that companies tend to level against each other over dumb things like patent trolling and the like. In this case I'm not sure that it's so clear cut, so let's take a look at both points of view here.

There is little doubt that a user has a fair degree of responsibility in making sure that their account is secure when using any service. You can't go around telling people your username and password and then go crying to the company that your account got broken into. Likewise, a password which is literally "password" or "drowssap" or anything that takes less then two seconds to type in for whatever reason probably isn't a good idea either.

On the other hand, and as the reasoning behind this suit goes, Blizzard should also shoulder some of the burden of making sure that private and in some cases extremely valuable information doesn't easily fall into the wrong hands. It's not hard to imagine that this lawsuit was probably motivated by the somewhat recent breach of security in August. The suit also argues that options like the physical authenticator -- which markets for 6.50 -- should be a mandatory part of the Blizzard security suite, and given to users who sign up for Battle.net accounts.

The suit also claims that registration into a universal Battle.net account should not be necessary to play games that have no MMO components (although admittedly Blizzard doesn't actually carry much in terms of non-online games to begin with....) and basically that the company should be upfront about the additional costs that users will incur if they wish to protect their account.

Blizzard has dismissed the lawsuit as “without merit and filled with patently false information,” and goes on to say that "we take the security of our players’ data very seriously, and we’re fully committed to defending our network infrastructure. We also recognize that the cyber-threat landscape is always evolving, and we’re constantly working to track the latest developments and make improvements to our defenses.”

A lot of this boils down to whether the courts will see the authenticator as something that is essential, or an optional layer of security that is nice to have but not ultimately necessary.

More than anything this suit makes me wonder how the burden should be split. Blizzard certainly hasn't put forth the image of being a digital sieve, unlike say, Sony's antics over the PSN debacle last year, or other such high profile large scale security breaches. Still, as paying customers, should gamers be entitled to the highest level of security available without having to invest anything beyond their purchases? It's a complex question, and one that doesn't have an immediately obvious answer. I somehow doubt that this lawsuit will provide one to everyone's satisfaction either way, but it'll certainly come down on one side or the other. 

No comments:

Post a Comment

Note: only a member of this blog may post a comment.