Jan 15th 2010 4:54AM Authenticators are nice but they are not the end all solution to hack prevention.
A bit of background on my experience for those who wish to read it.
I'm a 57 year old WoW player. I've played for 4 years. I live with my wife in a rural area, no children in the home (no other wow players). I share my account with NO ONE, and never have!
I do not visit gold sites, have never gone to any site requiring that I put in a username/password relating to my wow account, and have never recieved a phishing email, i.e. Your account has been cancelled, compromised go to a site and reauthenticate.
I purchased an authenticator last May, and converted to a battlenet account early June. I have used the authenticator that entire time.
A week ago I was on late friday night pvp'n. In order to do a quick character change I used alt f4 to exit the game quickly. I was not in a city at the time and did not want to wait for the countdown exit. I immediately logged back in as I have done 100s of times prior. The login looked just like every other time, I entered my password, authenticator generated number and saw "Success" on the bottom of my screen briefly. Next thing I knew I was at my desktop. I tried logging in several more times and got a popup that I had entered a bad password or usercode. After those tries I logged into vent because I had recently left there and knew there were guildies still on Vent. I asked if my toon was STILL logged in because I thought I might be experiencing a 'wait for timeout' kind of event like we saw in times past.
My guildies said no your toon (druid) just logged out, however your rogue just logged in. I knew at that point I had been hacked. I had one of them contact our Guild leader who was in ICC on a 10 man and kick my toons. Several guildies also put in tickets at that time. I changed my password, through the account management etc.
My druid was/is in fact an officer in our guild and had a good deal of access to 'items' and limited access to any gold in the guild bank. About that quickly, the hackers ripped our raid tab in the guild bank including all raid epics that were boe, shards, orbs, etc as well as 200 flasks. I was able to log in the following day, due to my password change I assume and submit my own ticket. I received a canned response from a GM that it was being forwarded to a specialist. I await restoration at this point, and have heard nothing yet from Blizzard beyond the forward to specialist response.
My point for this post is simply this. I know of nothing I ever did in game or out of game that would have compromised my account security. Thought I did EVERYTHING right in fact, including 'assuming' my password was secure because in fact the authenticator in essence changes my password like every 30 seconds, or if you would ADDS a changing password. You CAN be hacked in spite of an authenticator as my experience shows. And you can be hacked, believing you're doing it all the right way.
I have like I said not received any care package offer from Blizzard and would not accept it if it were offered. I am looking for a full restoration so my guild will also be restored.