Every time I bring up World of Warcraft accounts getting hacked, as I did yet again this past weekend, the comments that follow seem to fall into three distinct categories. This pattern seems pretty consistent.
Unfairly, but in the name of simplicity, I have given these three categories names, They are:
- It is Your Fault
- It is Blizzard’s Fault
- It is Complicated
Or, graphically:
It Is Your Fault
This point of view is probably best summed up by a comment from a read that said, essentially, “Blizzard didn’t get hacked, you did.”
This point of view insists that you are responsible for the security of your account, so if you got hacked, you did something to cause it to happen.
Tobold thinks you likely fell for a phishing email if you got hacked. As he points out, there are a lot of them out there, though if he is seeing “extremely well made” versions, he must be getting a higher class of phisher than I generally do. The sentence structures that I see most frequently could best be described as the “Me phish you long time!” school of grammar.
Others are more blunt, and insist, without any actual knowledge of what occurred, that you were phished, that you fell for one of those emails, and that there is really no possible alternative explanation.
And there is an Occam’s Razor simplicity to this point of view. Certainly, the easiest way for somebody to obtain your account name and password is for you to give it to them.
There is also a distinct sub-group in the “It Is Your Fault” faction the believes that if you do not have a Blizzard Authenticator then you might as well given a hacker your account information. This is the “No authenticator, no sympathy” faction.
It Is Blizzard’s Fault
There are, I feel, a couple of threads to this faction. The primary thread seems to stem from the “don’t blame the victim” school of thought.
After all, the person who had their account hacked, they are the ones that lost valuable virtual items (people want to steal them, so they must be valuable) which they left in Blizzard’s care. This isn’t Grass Valley, they didn’t leave the car door unlocked only to find something stolen. They used the default option for account security, in fact the only readily available option for account security, a password.
If a WoW account needs more security than that, the thinking goes, then Blizzard should provide it. We’ve been hearing about WoW accounts being hacked by the tens of thousands for a few years now, and in that time only two security related initiatives have come about.
The first was forcing people to use their email address as their log in ID, which was really a move in the wrong direction, since most people will use their main email address, something easy to find. This arguably made the situation worse.
And the second was the Blizzard Authenticator.
As with the first group, there is a sub-group focused on the Blizzard Authenticator. This group runs a spectrum from people who believe Blizzard should give the things away for free to the conspiracy theory faction that believes that authenticators are just another Blizzard profit center.
There is also a sub-group who believes that account hacking, and the gold selling activities that drive it, all serve to enrich Blizzard in some fashion, so Blizzard can’t be serious about account security.
It Is Complicated!
There always has to be the “other” column.
After the previous two categories, there is the gray area populated by people who might be leaning towards one of the first two groups, people who have to deal with cleaning up the problems that result from the security flaws in things like Adobe Flash or JavaScript, people who have actually been hacked and were able to run down how it happened, people who were hacked even though they were security aware, people, like me, who just distrust any easy answer, and probably a few dozen other identifiable different points of view on the subject.
The Ignorant
If you count the people who know nothing, or next to nothing, about people getting their accounts hacked, the people who have never gotten a phishing email, the people who have never heard of the Blizzard Authenticator, then The Ignorant is by far the largest group.
If you are reading this, you are more aware of WoW account security than probably 80-90% of the people who play the game, and not by virtue of anything I’ve written. People who care about the game, who take an interest in the game outside of just logging on and playing, are most certainly the minority.
The ignorant do not, however, comment here, so they don’t count towards the three categories to which I referred at the top of this post.
Where Do You Fall?
Just to give this observation some point on which to end, I think it is time for another poll.