WoW scams have plagued World of Warcraft players, both in-game and out. That's why it's been so surprising (and disturbing) to see Blizzard continually roll out changes that directly put gamers in harm's way.
In the Fall of 2009 Blizzard implemented a forced merge of World of Warcraft accounts into a single login through battle.net. This single login requires the user's current email address as the account/login name. It also merges all account activity, including CD keys, credit card or other payment method, physical addresses, and other related information.
In other words, a veritable pond of data for scammers to phish - and the only information they have to guess now is the password. The account name is pretty much there for the taking. Had your email account hacked? Better kiss your level 80 and WoW gold goodbye.
In January 2010, Blizzard followed up with solemn pronouncements such as "account security is one of our top priorities" and "keeping your account safe and secure is an important goal for us".
Unfortunately, talk is cheap and actions speak louder than words. It's apparently not that important to them.
Despite Blizzard itself attesting that two of the top three most common account compromises originate from phishing and shared account information, they still opted to roll out Real ID.
Here are a couple of snippets about the new Battle.net Real ID program:
"...when you click on one of your Real ID friends, you will be able to see the names of his or her other Real ID friends, even if you are not Real ID friends with those players yourself."
"...your mutual Real ID friends, as well as their Real ID friends, will be able to see your first and last name (the name registered to the Battle.net account)."
"...Real ID friends will see detailed Rich Presence information (what character the Real ID friend is playing, what they are doing within that game, etc.) and will be able to view and send Broadcast messages to other Real ID friends."
And this is all cross-game, cross-realm, and cross-alts. Just what already heavily targeted players need, right? A merge of WoW/Battle.net/StarCraft with Facebook-style social networking? Facepalm might have been a better term to describe Real ID given its potential for scams. Especially since Blizzard rolled out the change without any provision to protect minors whatsoever:
Will parents be able to manage whether their children are able to use Real ID?
We plan to update our Parental Controls with tools that will allow parents to manage their children's use of Real ID. We'll have more details to share in the future.
Nice. So some time in the future, Blizzard might start looking at considering security seriously. In the meantime, the unmanaged Real ID program makes it even easier for scammers to socially engineer players AND it adds potential stalking to the list of concerns. With no provision to protect minors whatsoever.