So wow.com blew open a pretty big story today, namely that Blizzard’s account reps have been instructed to offer players a “care package” of sorts in lieu of doing more lengthy and time consuming account rollbacks when there’s a report that a player’s account has been hacked. Now, clearly that’s not the entire story, but here are the posts over at Wow.com in time order from earliest to latest, since Blizzard caught wind that Wow.com broke the news and promptly made a public statement about it:
The last post is the most recent, and contains some information from Blizzard about the “care package” and why they’ve begun offering it at all. While I have to agree with Wow.com’s perspective on this — namely that it’s firmly against the best interest of players to try and sub in something like this instead of actually doing the restoration, even if it’s just an “option,” — I would say that this is an excellent time to run out and pick up an authenticator for your account.
I can completely see the benefit of giving players an option like the care package, which essentially says to them “wow, sucks you got hacked, here’s some stuff to get you back on your feet, is that okay?” instead of “wow, sucks you got hacked, let’s get you back to where you were,” since the former takes a couple of minutes (maybe hours) and the latter can take days upon days of research to find out what the player’s state was before the hack and when the hack occurred, even if the player knows. Restoring characters is significantly labor and time-intensive for Blizzard, and with the subscription rolls getting larger and larger, it makes sense to have other options in mind for players who would rather take the gold and badges and get back to business instead of wait for possibly weeks to get back to where they were before the whole thing started.
That being said, and even though the offer can be “declined,” which is kind of an “opt-out” kind of thing, it still rings kind of hollow to me, and if I were the one who’d been hacked, I would probably want to get back to where I was in the first place, even if it took a while to do so.
It seems like the real problem with the system here isn’t so much how many hours and how much work is required to restore a character or account to pre-hack state, but with exactly how time and labor-intensive it is. This carrot just says to me that Blizzard account reps simply don’t have the tools to quickly track down and recover from a hack, and probably don’t have the tools required to identify a hack in a clear way when they are looking at an account’s play history. The other downside to this is that while it’s a good thing Blizzard’s focus is on getting players up and running again, it also says that Blizzard isn’t really investigating hacks perhaps to their fullest, and are opting instead to just fix them and drop them.
I could be wrong here – there could be a process where hacks are passed along for investigation after the player is taken care of, and I’m sure the most egregious of them indeed are escalated to a development team or higher-tier of analysts, but I’m betting that with the frequency and end-user nature (eg trojans, malware, etc) of most hacks, they probably chalk it up to a bum add-on or a careless user and move on, especially if the symptoms start to all meld together. That’s not a bad thing, by the way – it’s just how technology support works; when you see the same symptoms frequently, you apply the same treatment and get used to just “knowing the root cause.”
At the same time, it does raise the question to whether Blizzard’s development teams know exactly how much of a security problem they have on their hands, and what kind of priority it is for them. I’m sure it’s a high one, but when you work in an environment that’s high pressure and fires on all cylinders all the time like I imagine Blizzard does, everything is a high priority. It makes me wonder whether or not Blizzard’s approach to incident management is drawing the curtains on a recurring problem that also needs to be examined and addressed.
In any event, in the meantime, you can pick up the scoop and decide for yourself what you’d like to do over at Wow.com’s articles – no need to rewrite them here. What I wanted to do on the other hand was bring up some of the more behind-the-scenes technology points around what might cause Blizzard to make a decision like this. It remins to be seen whether this new option will gain any kind of popularity though, even if it’s designed to make the recovery process technically easier.
Would you take the care package, or would you opt for a full restore? Let me know in the comments.