Yeah I read this one on http://massively.joystiq.com/. Also curious why mmorpg.com did not report on it.

In any case I hope the lawsuit is successful. They should not make profit from securing customer accounts.

Originally posted by sunshadow21

Originally posted by FrodoFragins

Blizzard makes massively popular games.  It's as simple as that.  The reward for hacking Blizzard accounts is much higher than for other games in the same genre.

 

They don't really make a profit on authenticators and they offer free authenticator apps for smartphones.

Two problems with that. Other companies make equally popular products both in the same field and in other fields, yet they choose to address the root problems rather than saying they can't do anything about it, even if it costs them a bit more extra money up front. The reward for hacking Blizzard accounts is much higher because Blizzard does nothing to reduce the reward or increase the penalty; other companies make an effort to at least keep the problem in check, even if they can't remove it entirely. The other problem with your argument is that the problems didn't start when they reached a level of popularity where it was profitable to hack them, they started from the very beginning of battlenet. Even as early as the original diablo, which, while popular, was not popular enough to warrant massive amounts of extra attention by itself, had constant hacking problems when played on battlenet. Even at it's lowest, Blizzard has always had more problems in that area than most companies have had ever; that means that it's popularity, while certainly a factor, is not the only contributing cause, nor are the web surfing habits of it's customers. Something within Blizzard itself is part of the problem; defining that something is beyond my capability, but until that something is acknowledged and addressed, no amount of player driven actions, including the authenticator, is going to reduce the problem that Blizzard games have with hackers.

I'm unaware of any mmo that has as many accounts as blizzard has (with a very high active player base).  Maybe GW2 now, but they have been having as many hacking problems as Blizzard, which also shows that the more popular the product the more likely they are to target those accounts.  Part of the problem is we have no accurate data on this topic.  We don't have any idea what % of each games playerbase gets hacked/compromised.  No publisher I know of would openly admit this figure.  So we are left with guessing and inuendo from either "people we know" or by the number of forum posts complaining about the problem.  Both of which are infinitely less reliable than even x-fire statistics for comparing populations in mmos.

Originally posted by sunshadow21

Originally posted by FrodoFragins

What exactly is Blizzard doing wrong?

What is wrong with offering authenticators at cost, that can avoid most hacks?

What should Blizzard be doing to prevent hackers?

What popular PC games are immune to the problems Blizzard has?

As for the first two questions, what they are doing wrong is offering authenticators and stopping there. The authenticators are not wrong, although I still think they should be including them in the cost of the game if that's how they want to manage things, but they are not themselves a solution; they are simply a bandaid that allows Blizzard to hide the actual problems. None of their "solutions" actually directly deal with the hackers, so the hackers have free reign to continue causing havoc. As for the last two questions, while no game is immune to it, most do a much better job handling them because they actually involve dealing with the hackers directly in their solutions. Until Blizzard takes on the hackers directly, which will never happen, battlenet will continue to be a hacker's paradise, because the company running it seems content to leave it's users to fend for themselves.

Let me ask you this. If you are renting an apartment.  The leasing office for your apartment has a top lock and bottom lock on your door.  A handle lock and bar lock for your patio door.  When your place gets broken into because you do something stupid (i.e like putting your address on key and losing it).   Is it the leasing offices job to give you a free alarm system? Because that is exactly what you are saying Blizzard and all game companies should do.  Eat the cost for your stupidity.

As for the line in red, could please post some proof to back that up? I'm really curious about your insider info, since you seem to know so much about Blizzards inner workings.

Originally posted by FrodoFragins

Originally posted by sunshadow21

Originally posted by FrodoFragins

What exactly is Blizzard doing wrong?

What is wrong with offering authenticators at cost, that can avoid most hacks?

What should Blizzard be doing to prevent hackers?

What popular PC games are immune to the problems Blizzard has?

As for the first two questions, what they are doing wrong is offering authenticators and stopping there. The authenticators are not wrong, although I still think they should be including them in the cost of the game if that's how they want to manage things, but they are not themselves a solution; they are simply a bandaid that allows Blizzard to hide the actual problems. None of their "solutions" actually directly deal with the hackers, so the hackers have free reign to continue causing havoc. As for the last two questions, while no game is immune to it, most do a much better job handling them because they actually involve dealing with the hackers directly in their solutions. Until Blizzard takes on the hackers directly, which will never happen, battlenet will continue to be a hacker's paradise, because the company running it seems content to leave it's users to fend for themselves.

You aren't really answering questions with any specifics.  I'm going to stop here though because it's getting way off track from what the lawsuit is about.

 

1) Blizzard doesn't profit on authenticators

2) They offer free solutions to those with smart phones

3) Packaging authenticators in every box is wasteful as many people own multiple Blizzard games and may already have an authenticator.  And many wouldn't want to pay for an authenticator, which would have to be added to the price of every physicial copy of the game.

No, actually it is exactly what the lawsuit is about. A lot of people truly believe that Blizzard is not holding up their end of the agreement when it comes to security. The role of authenticators is central to the discussion.

1,2)Even if they don't profit, they are still asking their customers to cough up extra money for something that most games provide as part of the game package. The free app is great for those with smart phones, but contrary to popular belief, not everyone has one, or wants to clutter it up with apps that should be part of the game itself.

3)Then they need to find another way to maintain security than authenticators, or make them free upon request. You act as if they aren't going to make a profit if they have to spend some money to insure that their customers are properly protected. I am not normally one to call corporations stingy, but in this case, they are, and it wouldn't take all that much to boost the security on their end sufficiently that users wouldn't be all but required to have an authenticator.

Originally posted by sunshadow21

Originally posted by FrodoFragins

Originally posted by sunshadow21

Originally posted by FrodoFragins

What exactly is Blizzard doing wrong?

What is wrong with offering authenticators at cost, that can avoid most hacks?

What should Blizzard be doing to prevent hackers?

What popular PC games are immune to the problems Blizzard has?

As for the first two questions, what they are doing wrong is offering authenticators and stopping there. The authenticators are not wrong, although I still think they should be including them in the cost of the game if that's how they want to manage things, but they are not themselves a solution; they are simply a bandaid that allows Blizzard to hide the actual problems. None of their "solutions" actually directly deal with the hackers, so the hackers have free reign to continue causing havoc. As for the last two questions, while no game is immune to it, most do a much better job handling them because they actually involve dealing with the hackers directly in their solutions. Until Blizzard takes on the hackers directly, which will never happen, battlenet will continue to be a hacker's paradise, because the company running it seems content to leave it's users to fend for themselves.

You aren't really answering questions with any specifics.  I'm going to stop here though because it's getting way off track from what the lawsuit is about.

 

1) Blizzard doesn't profit on authenticators

2) They offer free solutions to those with smart phones

3) Packaging authenticators in every box is wasteful as many people own multiple Blizzard games and may already have an authenticator.  And many wouldn't want to pay for an authenticator, which would have to be added to the price of every physicial copy of the game.

No, actually it is exactly what the lawsuit is about. A lot of people truly believe that Blizzard is not holding up their end of the agreement when it comes to security. The role of authenticators is central to the discussion.

1,2)Even if they don't profit, they are still asking their customers to cough up extra money for something that most games provide as part of the game package. The free app is great for those with smart phones, but contrary to popular belief, not everyone has one, or wants to clutter it up with apps that should be part of the game itself.

3)Then they need to find another way to maintain security than authenticators, or make them free upon request. You act as if they aren't going to make a profit if they have to spend some money to insure that their customers are properly protected. I am not normally one to call corporations stingy, but in this case, they are, and it wouldn't take all that much to boost the security on their end sufficiently that users wouldn't be all but required to have an authenticator.

I don't know of any game that will give you an authenticator for free other than on a smartphone.  Don't all of the major games outside of GW2 offer an authenticator (free on smartphones and paid for physical)?

Originally posted by Roin

Let me ask you this. If you are renting an apartment.  The leasing office for your apartment has a top lock and bottom lock on your door.  A handle lock and bar lock for your patio door.  When your place gets broken into because you do something stupid (i.e like putting your address on key and losing it).   Is it the leasing offices job to give you a free alarm system? Because that is exactly what you are saying Blizzard and all game companies should do.  Eat the cost for your stupidity.

I expect them to have systems in place that allow the user to fight back against the root problem if the company won't. In the case of the an apartment, that would be a surveliance cameras, cooperating with any police investigations, etc. In the case of Blizzard, if they aren't willing to go after the hackers themselves, than they need to give their customers the necessary information so that someone can actually address the problem. Authenticators are not by themselves a solution; they provide moderate protection against further random incursions, nothing more. They do not resolve problems already in place, nor do they provide that much of a hindrance in and of themselves to a determined attacker. They are a great first step, but without additional, and widely known, support from the company, they can end up doing as much harm as they do good by establishing a false sense of security that probably actually isn't there when someone really determined wants to test it.

Originally posted by beej1986
Lets be real clear on the level of security these things offer. I have the phone auth. for diablo 3, I dont even play the game anymore, and constantly get e-mails about my account being compromised, and i have to log in periodically to change information on a game I dont play. Nothing I am doing. There is something wrong with their security for sure.

I get emails from mmorpgs that I don't even have accounts on telling me that my account was compromised.  Of course they are phishing attempts and I couldn't change my account info because it didn't exist.

Well Bell can't stop them from using methods that enhance security,that is an easy win for Blizzard.

Trying to PROVE negligent is going to be VERY tough because there is little to no gaming laws to relate to.

Now as far as letting the players know,this one they might win.Simply banning an account is NOT the PROPER procedure,their FIRST action should have been to warn the user of a possible hacked account,breach of information.The problem and why Blizzard would never do that is because then you have an email confirming that they admit possible guilt.

IMO IP tracking should be used and any changes should require special actions to allow further use.To simply allow anyone from anywhere to login to a users account without first making sure it is legit,is imo lack of security.

The authenticators are still opn the user,Blizzard's part is only to collect the mopney.They SHOULD have an active system to monitor account use.Example they have that spy program they embedded and Eve pays economists to monitor the games economy.So to show more effort outside of security,is not a winning proposition for Blizzard.

A GOOD Lawyer will know how to feed the questions towards the Blizzard execs,like start by asking them if there is more they could do or could have done.They will not be able to answer that question otehr than to say ,they could have done better and more.

Blizzard will of course try to point at other develoeprs and lay claim they are doiong as good or better.That of course would be scapegoating and does not give you a free pass on how to run your business.

I see Blizzard losing something,however it may come down to the simple fact of money,Blizzard can go a long time,this Mr.bell cannot.

Originally posted by Wizardry

I see Blizzard losing something,however it may come down to the simple fact of money,Blizzard can go a long time,this Mr.bell cannot.

I don't see Blizzard losing, but I can see them having to actually spend some money, whether it be to fight off lawsuits, or to improve battlenet to the point that they aren't having to worry about lawsuits. Either way, I am glad to see someone with the guts to at least raise the question.

Originally posted by Latronus

Originally posted by Kaerigan

Originally posted by Xiaoki

The Authenticator it to try and "fix stupid". 9 times out of 10 when someone gets hacked it is because they went to a bad website. But people never want to admit they clicked on a shady link in an e-mail or went to a bad website.

And then there are people like me. I've got separate passwords for my Battle.net account and the email it is tied to. My account got locked for "suspicious activity". I changed both passwords and even bought a new computer (not because of that incident, of course, it was just time to upgrade). Now my account is locked again. And NO, I have honestly not attempted logging on to any totallylegitbattlenetfreegold.com or something retarded like that. I haven't shared my passwords with ANYONE.

This is the only one of my hundreds of accounts on various websites that has been compromised.

It's not like I have any proof but sometimes I wonder what the fuck Blizzard is up to.

Stop talking common sense with the Blizzard fanbois.  They will ever accept that something very fishy is going on with battle net now matter what happens.  They love to blame the players or the fact that WoW has some many players which is a factor, but they'll never believe that blizzard is doing anything fishy in an attempt to make more profit.  They could even have a news conference and admit it and the fanbois would have some excuse to not believe them.  Nothing should ever be outside the realm of possibility when it comes to a company and extra profit.

You pin-pointed it perfectly. Any time Blizzard makes any news, immediately it is dismissed as not being possible or true. I find it sickening that for some reason that company can do no wrong, even when it has been shown they have. There is no excuse for lack security for any reason. The lawsuit will win due to the factors stated. It doesn't matter if it wasn't part of the actual security system or not, people still paid to be more protected and it does seem that not one drop of the 26 million even went into decreasing any security risks, or even strengthening it for that matter (based on their continued security issues). All that company cares about is the $$$. Maybe one day those fanbois will see that too.

P.S- Look at what Sony did when the PS3 network was hacked. They made a whole NEW security network from scratch! That right there shows that they do CARE about their customers/fanbase/users. :) Something Blizzard needs to learn.

Take this how you choose:

Me and my girlfriend both played WoW at the same time. She is a security freak - I honestly dont know how her computers manages to function under so many layers of protection. She never goes to weird sites, everything she does is above board when it comes to the internet.

I, on the other hand, am attempting to breed the IT version of the bubonic plague by combining as many trojans, worms, virus's. hack and backdoors onto the one system, without a shred of security. Ive been using computers for 3 decades, Im becoming slightly sadistic in how I treat some of my machines, especially windows machines.

Anyway my Wow account - never hacked. Hers was repeatedly hacked until she bought an authenticor, then never hacked again. Sure some hacker may have seen her electronic representation of Fort Knox and decided the challenge was worth it. Sure they may have seen my computer on the same Lan and ran screaming at the Virtual evils collected in my Pandora's box.

I just remember thinking at the time it was an awfully suspicious circumstance.

PS: Ive still never had a game account stolen from the machine I affectionately call The Leper. Have I discovered the ultimate security in the realisation of my very own plague pit? I dare not look too closely for I feel, sometimes, it is looking back at me.

What I don't understand, Is why did most of the mass hacking happen after the switch to Bnet.

looking at this from outside in, it looks like some major issue happen on their side, since there was a major hacking when blizzard switched to Bnet. That's something the consumers had no control over.

Originally posted by Nadia

Originally posted by Xiaoki

The class action lawsuit over Sony's Playstation Network being hacked was thrown out of court.

The same is likely to happen here.

sounds reasonable

http://news.cnet.com/8301-1023_3-57538716-93/sony-psn-hacking-lawsuit-dismissed-by-judge/

There is a difference here though, sony was a victim to a crime, they were attacked on a massive scale. Every battlenet hack has always been against the individual.

Hell i quit wow 5 yearss ago and i still get an email 3 times a day telling me my blizzard account has been comprimised. Blizzard deliberatly chooses not to create a stronger security system, and we all know they can. Ive played free to play games that introduce a simple virtual pin code that must be entered in with your mouse on a keyboard that jumps around the screen, are you telling me that can be hacked?

What about trion worlds completely free coin lock system? which requires you to sign in with a combination of either your cell phone or email everytime you change ip,  instead blizzard charged 10 bucks + shipping for a piece of plastic, which btw breaks, because mine did the first time i bought one of these many years ago.

Blizzzard could do better, they just wont. now does that mea this guy can win/? probably not, blizzard will just stall this case 5 or 6 years before it gets dismissed like any corperate empire.

Originally posted by sunshadow21

Originally posted by zymurgeist

 Blizzard never claimed to be free of any responsibility. They claimed they're taking every  precaution consistant with standard industry practices, and more.  More importantly they proactively restore stolen accounts and items which is more than most other companies. Blizzard is a big target with deep pockets. That attracts thieves, ***holes, and lawsuits. 

Except they don't actually resolve the root problems, and they don't even meet standard industry practices. In a thread while back, their supporters even admitted that battlenet passwords didnt even have case sensitivity; if they can't even be bothered to implement something as basic as that, they are not meeting standard industry practices. Restoring stolen accounts doesn't do anything to deter the hackers; if anything, it encourages them by making it clear they really don't care what caused the problem, and that they have no intention of finding out the real problem, because that would likely require them to spend some of the vast amounts of money the games bring in. The big pockets argument falls apart when you realize that they had these problems back when they first released the original battlenet, and they were still trying to get the name recognition.

 Case sensetive passwords aren't industry standard. You would be surprised how many online games don't use them. They don't prevent hacking or phishing either. Adding it would just get you complaints from all the numbnuts who can't be bothered to remember or protect their passwords.They do care what caused the problem. They just can't fix it without firing their customers.

It makes no sense whatsoever to include authenticators with the games. I have several Blizzard games. I have one Battlenet account. It would be pretty wasteful to send me multiple authenticators for one account. Why would I want to spend  6.50 extra per game to cover the cost of something I'm going to toss in a drawer?

Originally posted by zymurgeist

 Case sensetive passwords aren't industry standard. You would be surprised how many online games don't use them. They don't prevent hacking or phishing either. Adding it would just get you complaints from all the numbnuts who can't be bothered to remember or protect their passwords.They do care what caused the problem. They just can't fix it without firing their customers.

If that's the case, you just gave me another reason not to bother with their games. If that many people in their customer base are bothered by something as simple as case sensitive passwords, Im pretty sure that Im not to going to agree with them on much else either.

Originally posted by sunshadow21

Originally posted by zymurgeist

 Case sensetive passwords aren't industry standard. You would be surprised how many online games don't use them. They don't prevent hacking or phishing either. Adding it would just get you complaints from all the numbnuts who can't be bothered to remember or protect their passwords.They do care what caused the problem. They just can't fix it without firing their customers.

If that's the case, you just gave me another reason not to bother with their games. If that many people in their customer base are bothered by something as simple as case sensitive passwords, Im pretty sure that Im not to going to agree with them on much else either.

 I'll clue you in on something they'll deny for P.R. reasons. If you aren't going to do anything but complain about their products and not buy them they don't give a damn what you think.

Originally posted by zymurgeist

Originally posted by sunshadow21

Originally posted by zymurgeist

 Case sensetive passwords aren't industry standard. You would be surprised how many online games don't use them. They don't prevent hacking or phishing either. Adding it would just get you complaints from all the numbnuts who can't be bothered to remember or protect their passwords.They do care what caused the problem. They just can't fix it without firing their customers.

If that's the case, you just gave me another reason not to bother with their games. If that many people in their customer base are bothered by something as simple as case sensitive passwords, Im pretty sure that Im not to going to agree with them on much else either.

 I'll clue you in on something they'll deny for P.R. reasons. If you aren't going to do anything but complain about their products and not buy them they don't give a damn what you think.

And as long as no one I want to buy products from copies them, I don't care. My stance is as much for the companies that haven't yet lost my business as it is for those that have, so they know what not to do if they want to keep it. And if enough people decide they don't feel like buying a product, the company is going to start to notice; while Blizzard doesn't have to worry too much right now, their day will come when such things are going to matter a lot more, and by then the damage will already be done.

I think this is a ridiculous lawsuit.  Blizzard isn't the first company to have their security breach and they will not likely be the last.  Bank of America, Price Waterhouse, The Pentagon, Sony, Riot, and google have all had their security breached by hackers.

People are only targetting Blizzard because WoW and Diablo 3 are where the money is at for scammers trying to steal in-game assets.