meh, not sure if the above comment is an official wowinsider comment, but it seems somewhat ironic and hypocritical if it is.

alas, the average wow player is not an IT security expert, does not understand encryption, two factor authentication, or how the blizzard authenticator (or even off-the-shelf-vasco fob) works, or is configured specifically at blizzard's end. as such pretty much every comment here is hearsay, speculation, and worthless. That sounds arrogant/patronising, but it's true. Yes, it's easy to say "it's blizzard's fault" or "it's the user's fault" and assign blame and insults to them accordingly, but that doesn't achieve anything.

blizzard really should find the facts out about this incident from its authentication, and realm logs, and make them fully public, and stop the rampant uninformed hearsay that's going on.

Was the account even "hacked"?
Is there proof of access and authentication from multiple IP ranges / ISPs?
Is there proof of monies being transferred, and who to?
Were phone calls or emails sent to blizzard support?

of course, the same could be said of every account hacking incident, although i suspect blizzard just doesn't have the ability to log and look back through some of this information.

Personally, i think people need to start asking the following question. Which is worse? The people hacking accounts and stealing gold, or the people buying it?
IMHO blizzard need to start cracking down the buyers, as without them there would be no market for account hacks, and farmers.