Blizzard, the maker of popular game franchises such as World of Warcraft, Starcraft and Diablo, has been hit with a lawsuit claiming that Battle.net “failed to maintain adequate levels of security for its customers”. This comes after Blizzard acknowledged in August that it had a security breach and that email addresses for those outside of China, and passwords for North American users were accessed.
According to NeoGamr, Blizzard uses Secure Remote Password Protocol to secure passwords. This basically means each password is deciphered individually, making it harder to retrieve the password if a security breach does occur.
However, the lawsuit claims that Blizzard has “not taken the legally required steps to alert [users] of the very existence of the hack, and thus have actively impaired [users] from taking any meaningful steps to protect their Private Information on their own.” It also claims that users are told they need to use their Authenticator to have minimal amount of security, and says that this is a “hidden cost” and deception.
Blizzard strongly rejects the claims, saying that the case is “without merit and filled with patently false information,” it told Forbes. It also says that the claim that the Authenticator is required is “completely untrue” and that its purpose is an additional optional tool to protect their accounts in the event that their identity is compromised outside of Blizzard’s own network.
In other words, if your username and password for Xbox Live are the same for Battle.net and were somehow compromised, then the Authenticator adds another security layer to verify you as the account owner.
The plaintiffs are asking for damages and demands that Blizzard no longer requires Battle.net accounts for non-MMORPG games.
The full legal document can be found on Archive.org.