A class action lawsuit was filed this month against Blizzard Entertainment, Inc., the California-based manufacturer of video games including Warcraft, Starcraft, and Diablo. The complaint, which was filed in the U.S. District Court for the Central District of California, alleges that Blizzard Entertainment failed to secure customer information in violation of deceptive trade practices laws and in breach of contract. According to the complaint, consumers must create an account on defendant's website, Battle.net, before they can play any of defendant's games. Customers have the option to purchase an "authenticator" for $6.50, although according to the complaint, the site is marked as "secure." The plaintiffs allege that the authenticator is extra protection that customers must buy to keep information stored in their account safe. Blizzard has indicated that plaintiffs have misunderstood the authenticator product, which is marketed as a "supplemental authentication method for your Battle.net account." The complaint alleges that not informing people of this alleged additional requirement at the point of purchase is a deceptive trade practice. Additionally, after multiple hackings of the Battle.net website that exposed customer's information (including email addresses, hashed passwords, and other information), the plaintiffs allege that Blizzard was neglect in not sufficiently protecting customer's information. The plaintiffs also take issue with how long Blizzard took to notify impacted individuals of the breach (Blizzard has reported that it promptly notified impacted individuals). The case is currently pending, with Blizzard's answer due by January 18, 2013.
Tip: It is not clear if the claims made by the plaintiffs in this case are appropriate, however this case is a reminder that companies should be careful when making claims about "security," especially if there have been recent hacking attacks on their systems.