Two gamers have filed a class action lawsuit against Blizzard Entertainment, claiming that the developer has improperly guarded player information leading to several security breaches and leaked account data.
The lawsuit cites an increase in account thefts from Blizzard's Battle.net in May 2012, following the release of Diablo III, and an incident in August 2012 where Battle.net itself was hacked, leading to player data being illegally accessed.
The suit also accuses Blizzard of fraud, claiming that the company "negligently, deliberately, and/or recklessly" fails to protect users' details. Referring to Battle.net once again, the suit claims that the site encourages you to purchase an Authenticator for $6.50 (£4.08) which generates passcodes every time you log in to further safeguard information.
Although digital Authenticators are available at lower prices, the suit claims that these were breaches made during the August Battle.net hacking and that Blizzard has not taken measures to repair them, making the physical Authenticator a hidden cost when using one of Blizzard's games.
The suit claims that Blizzard has made $25 million from selling Authenticators - which translates to almost 4 million units sold. Considering there are more than 10 million World of Warcraft subscribers as of last month, this does not seem too outlandish a claim.
The plaintiffs are demanding damages, and that Battle.net accounts should no longer be required for players to use non-MMORPG (Massively Multiplayer Online Role-Playing Games, such as World of Warcraft and Diablo).
The suit also demands that Blizzard be prevented "from tacking on additional, undisclosed costs to ensure security in the form of a post-point-of-sale Authenticator."
However, Blizzard has responded, claiming that the accusations are "patently false." In a statement to Game Industry, the developer said it took protecting player data "very seriously" and that full measures were being undertaken to prevent future security breaches:
"We want to reiterate that we take the security of our players' data very seriously," explained Blizzard. "We're fully committed to defending our network infrastructure."
"The suit's claim that we didn't properly notify players regarding the August 2012 security breach is not true... The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player's Battle.net account information that's stored on Blizzard's network systems.
This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator's purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard's network infrastructure.
"When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player's login credentials. This helps our systems identify when it's actually the player who is logging in and not someone who might have stolen the player's credentials."
The company went goes on to explain that it will "vigorously defend itself through the appropriate legal channels", explaining that Blizzard "deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit."