Baines (baines) wrote,

Diablo III security

After all the hacking claims started, I saw a conspiracy theory that Blizzard intentionally gave Diablo III poor security in order to push its Authenticator, which they happen to sell fancy versions of for $6.50 in their shop.

So... The current thing to blow up is not only that Diablo III uses case-insensitive passwords, but that apparently Blizzard doesn't see it as a problem (even amidst reports of account hacking)?

When the issues was raised in a bug report thread on, a QA quite happily responded "This is actually consistent with all of our Blizzard games. Try it in WoW and SC2 :)". When people understandably got upset, the QA said "Please leave discussions like this to the General Discussion forums. I'm not going to keep posting on threads if my answer to someone's bug report is a huge discussion about something that isn't a bug." and the thread was locked.

To be fair, I can see the logic of locking the thread if it isn't officially considered a bug, but still the whole mess just looks bad. Bad that Blizzard's security is so poor, particularly in the wake of various hacking claims. Worse that Blizzard seems okay with their security holes. Worse still that they take this apparent attitude while selling a product to improve their poor security. (Note also that case-insensitivity isn't the only thing that people have complained about in regards to Blizzard's security systems. It has other problems as well.)

And I do wonder just how much money Activision/Blizzard stands to make from Authenticator sales. 6.3 million copies of the game itself have already been sold, and I'm sure this hacking blow up has pushed Authenticator sales, even though some have claimed that they've been hacked even using Authenticators.

EDIT: The news part of Tuesday's GUComics perhaps says it best: "don't post freakin' smiley faces when you admit to it not having the most basic of security rulesets."
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.