Sidste uge gik to spillere i kødet på Blizzard. De har nemlig lagt sag an imod giganten over manglende sikkerhed i forhold til kontoinformationer samt at Blizzard tjener masser af penge på deres Battle.net Authenticator i stedet for at lave bedre sikkerhed. Tilbage i August måned blev Blizzard udsat for et større sikkerhedsbrist, og informationer fra de mange brugerkonti på Battle.net blev lækket. Derefter lancerede Blizzard så deres Battle.net Authenticator, en lille mobil-app, der skulle sikre loginproceduren. Men de to spillere synes åbenbart, at Blizzard har for ringe en sikkerhed, og at det så er for dårligt, at de tjener masser af penge på Battle.net Authenticator. Blizzard har nu leveret en officiel udmelding om søgsmålet, og den kan du læse under nyheden. De indtager en skarp defensiv stilling – naturligvis – og siger, at søgsmålet er fyldt med forkerte og falske informationer. Hvad synes du om Blizzards sikkerhed? Og er sagsanlægget berettiget?

We want to reiterate that we take the security of our players’ data very seriously, and we’re fully committed to defending our network infrastructure. We also recognize that the cyber-threat landscape is always evolving, and we’re constantly working to track the latest developments and make improvements to our defenses.”

“The suit’s claim that we didn’t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed. You can read our letter to players and a comprehensive FAQ related to the situation on our website.”

“The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player’s Battle.net account information that’s stored on Blizzard’s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.”

“When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player’s login credentials. This helps our systems identify when it’s actually the player who is logging in and not someone who might have stolen the player’s credentials by means of one of the external theft measures mentioned above, or as a result of the player using the same account name and password on another website or service that was compromised. Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.”

“Many players have voiced strong approval for our security-related efforts. Blizzard deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit

7 KOMMENTARER

  1. Authenticator er jo ikke påkrævet, det er blot noget ekstra som man kan få ved at købe en fysisk dims eller downloade en gratis app, hvis man ikke føler at sin computer er sikker. Det er ikke blizzards ansvar hvilke vira og keyloggers folk downloader, og derfor er det en fin ekstra service at have.

    Til sammenligning haves ikke noget tilsvarende i mange andre MMO eller internet services i det hele taget. Vil man så også kunne sagsøge dem for ikke at udbyde et minimums sikkerhedskrav?

    Derudover kunne man overveje om der ville være noget sagsanlæg hvis blizzard helt havde droppet authenticator og kun brugt deres nuværende sikkerhedssystem. Der er noget jantelov over dette her, og jeg ser ingen grund til at blizzard ikke skulle have penge for at sælge et fysisk produkt.

  2. i al den tid wow har eksisteret har jeg aldrig været hacked eller på anden måde mistet noget. og jeg har haft aktiv wow i ret mange af de år wow har været på markedet.

  3. #4 tror også 80% (dejligt at kaste tilfældige tal ud :P) af gangene hvor en bliver hacket er pga vedkommendes egen mangel på sikkerhed generelt.

    Har været væk fra wow et år i den tid det har været live og som du selv siger aldrig mistet en konto.

  4. De to spillere skal vel kunne bevise, at lige netop deres konti var i farezonen, eller at de har lidt tab grundet lækkede informationer.

    Og lur mig om ikke Blizzard har skrevet sig ud af meget af denne affære i deres søgsmål.
    Jeg kan ikke forestille mig, at Blizzard ikke kræver, at folk accepterer en vis risiko ved at give deres e-mails osv. til brug for et spil.

  5. #6 Teknisk set ikke det sagen handler om, de prøver at påstå Blizzard sælger deres produkt under falsk marketing.

    Tror ikke det lykkes fordi Authenticatoren ikke har noget med de hacks at gøre