Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsESRB unintentionally exposes email addresses of people who filed complaints over Blizzard's Real ID system [Updated]
by Gregg Reece 
Jul 12th 2010 at 9:55PM
During the recent Real ID catastrophe on the forums, many players decided to appeal to an industry source that might have been able to sway Blizzard to change its mind. These players contacted the ESRB (Entertainment Software Rating Board) as a Better Business Bureau-type middleman in this situation with their concerns. The ESRB itself has championed such causes in the past with its Privacy Online program, which is designed to help companies meet various privacy laws like the Children's Online Privacy Protection Act (COPPA).
Since Blizzard recanted its decision about the forums, the ESRB faithfully followed up with those concerned.
Unfortunately, in that followup email, the ESRB exposed individuals to a new set of privacy concerns.
The letter and more information after the break.
The email reads as follows:
However, it appears as if the ESRB don't necessarily understand the basics themselves. In what could be called a rookie mistake, the ESRB did a Reply All to everyone who had emailed them with concerns, thus unintentionally exposing almost 1,000 email addresses to the other recipients.Thank you for contacting the Entertainment Software Rating Board (ESRB) regarding the policy recently announced by Blizzard Entertainment which would have required participants in its official forums to post comments using their real first and last names, and for expressing your concerns regarding potential privacy implications.
It is our understanding that Blizzard has provided an update announcing that it will not be implementing the above-referenced policy with respect to its forums, and users will not be required to post using their real names. You can read Blizzard's announcement regarding this most recent development at http://forums.worldofwarcraft.com/thread.html?topicId=25968987278&sid=1&pageNo=1.
Separately, if you have questions regarding Blizzard's implementation of its Real ID option -- which by our understanding is unrelated to Blizzard's plans for its forums -- and/or the new capabilities this option offers, they will likely be answered by reviewing the information posted at http://www.battle.net/realid/.
ESRB, through its Privacy Online program, helps companies develop practices to safeguard users' personal information online while still providing a safe and enjoyable video game experience for all. We appreciate your taking the time to contact us with your concerns, and please feel free to direct any future inquiries you may have regarding online privacy to our attention.
Regards,
Entertainment Software Rating Board
I'm sure the irony of the last paragraph in the ESRB's letter isn't lost on anyone.
Filed under: News items, Account Security
Reader Comments (Page 3 of 10)
Lissanna Jul 12th 2010 10:14PM
I don't use my b.net account for anything but b.net for a reason!
Zaros Jul 12th 2010 10:25PM
But you, Lissanna, are smarter then most people who play wow. I am quite sure that only 0.01% of people used a different e-mail for their account and i different one for well, everything else.
I am happy now to be in that 0.01%
I used an alias for the Battle.net account too so we got off lucky.
Hope someone files a lawsuit ( if i change my b.net e-mail it might be me).
Zaros Jul 12th 2010 10:27PM
a different one for, everything else*
i cant spell today
Rotties67 Jul 12th 2010 10:29PM
I do the same thing. My B.Net account is strictly for B.Net. Hopefully everyone that reads this, if they didn't use a separate email address, they go in and change it to a clean one.
Guys, pick one. Yahoo, Gmail, AOL, Mail.com, Hotmail, etc. Make one up STRICTLY for battle.net. Use it for nothing else. Not even writing things off in regards to Battle.net.
Go on. I will wait here. Hurry up, I have gummi worms.
Lars Petersson Jul 13th 2010 7:54AM
Given that I have an authenticator, I'm not too bothered by that possibility...
epsilon343 Jul 12th 2010 10:03PM
Well I'd hope that these people are so concerned about online privacy that they wouldn't do anything nefarious with this information.
But this is the internet, who am I kidding?
Lionhearte Jul 12th 2010 10:05PM
Lmao I noticed this as well but didn't think twice about it when I got the email (I was thinking more of "they sound so condescending, like I didn't know Blizz released an update about the Real ID, maybe if they didn't take so long to reply.."
shefki Jul 12th 2010 10:06PM
My GFs response from the ESRB had this issue. Mine did not. So it's safe to say that not all of the email addresses got exposed. Just the ones that the person doing it failed at using BCC.
Lissanna Jul 12th 2010 10:09PM
I can't see everyone else's names in the e-mail that I sent them. They probably had multiple batches of e-mails that they sent back... lol
Transit Jul 12th 2010 10:28PM
Mine appears to be fine as well. And I only got the one e-mail.
Soooo.... Am I safe?
Xhris Jul 13th 2010 3:22AM
Same here. I wonder how many people complained, if they sent out mails in batches that large.
Frank Jul 12th 2010 10:06PM
now THAT is the definition of an epic fail.
ToxicPopsicle Jul 12th 2010 10:07PM
The email I received back didn't have all the addresses on it. I guess I was one they cared about :P
Sincerity Erisvale Jul 12th 2010 10:09PM
I was one of those people, someone - I will leave their name off, responded with this...
"Dear Privacy Board:
Thank you for exposing all 961 e-mail addresses to everyone else that sent you a message concerning the privacy of their data. It's great to see that a company such as yourselves takes pride in maintaining privacy by using a CC instead of a BCC. Really. It is truly heartwarming to know that there are checks in place to prevent the accidental or intentional release of private user information such as e-mail addresses to unauthorized individuals such as myself.
I mean, knowing that such a top notch team of privacy experts ONLY puts their seal of approval on websites when a website meets those obviously stringent guidelines! Pray tell, can you elaborate as to what those policies that you hold other companies, and I'm sure yourselves, to? Because I'm really really interested to know what part of that policy says it's OK to mass mail everyone that's sent you a message of concern a response that includes everybody else's e-mail address in a very clear breach of Privacy.
I'm leaving the CC in place in case anyone didn't notice how badly you just screwed up."
I laughed- Long and hard I laughed.
RoseClown Jul 12th 2010 10:11PM
...I want to marry that person. Holy heck, that is awesome. XD
calaf Jul 12th 2010 10:27PM
Out of curiosity did anyone on the CC also CC you? I mean once the cat is out of the bag...
Sincerity Erisvale Jul 12th 2010 10:48PM
Just that one person.
Viciouschan Jul 12th 2010 10:11PM
So many people are about to be trolled... lol
Sincerity Erisvale Jul 12th 2010 10:14PM
I'm scared... Hopefully, all the people, all 961 of them are adults like myself and were genuinely concerned.
Aurix Jul 12th 2010 10:10PM
I hate to admit it, but this actually made me laugh out loud.
"We have privacy concerns!"
O HAI! REPLY AWL!
"We know, we do too...Here, have some e-mails!"