The class action suit posited that Blizzard practiced "deceptive upselling," in that it allegedly failed "to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing."
A Blizzard representative told Forbes that "this suit is without merit and filled with patently false information, and we will vigorously defend ourselves through the appropriate legal channels." The representative said the use of the authenticator tool was optional for players, and offered players "an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code."
Blizzard's statement continued, "the suit's claim that we didn't properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed."
Los Angeles, CA – Consumer protection attorneys with the law firm Carney Williams Bates Pulliam & Bowman, PLLC filed a class action lawsuit against video game developer Blizzard Entertainment, Inc. and its parent company, Activision Blizzard, Inc., on behalf of millions of American customers who have been harmed by Blizzard's negligent and deceptive practices related to its customers' account security.
The suit was filed in the Central District of California and alleges that the company-whose titles include the popular franchises World of Warcraft, StarCraft, and Diablo-fails to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing. This deceptive upselling, coupled with Blizzard's negligence in maintaining proper security protocols, compromised millions of customers' email addresses, passwords, answers to personal security questions, and other items of sensitive information.
"Blizzard requires all of its customers to establish accounts with its online gaming service, Battle.net," says Hank Bates, "but it fails to disclose to consumers, prior to purchase, that they'll need additional products called authenticators to keep information stored in these accounts safe. Even though the company frequently receives complaints about accounts being hacked, it simply tells the customer to attach an authenticator to their account. Blizzard doesn't inform people about this requirement when they purchase the game, and that amounts to a deceptive trade practice. Worse still, Blizzard has failed to maintain adequate levels of security for its customers, time and again, which led to a significant loss of private data in Blizzard's safekeeping."
According to a press release posted on Blizzard's website on August 4, 2012, hackers infiltrated the company's internal network and obtained account information for players on Battle.net's North American servers, which includes gamers in North America, Latin America, Australia, New Zealand, and Southeast Asia.
"The bottom line," says Bates, "is that Blizzard should not be passing the costs of basic account security on to consumers after selling them these games. They need to be honest if they're going to saddle people with additional costs. They need to be up front about the level of protection
they will provide to their customers, and they cannot be negligent in maintaining proper security protocols."
The case is titled Benjamin Bell et al v. Blizzard Entertainment Inc. et al (Case No. 12-cv-09475).
Plaintiffs in the suit include any U.S. customer of Blizzard's who purchased one of its products after the company introduced the Battle.net authenticator, along with any U.S. customer who had an active Battle.net account during the data breach occurring on or about August 4, 2012.