We posted about this a couple of days ago, and then posted the first official Blue response to the issue, but reports from users that their accounts have been hacked and their items stolen continue to fly forth. Dozens (hundreds?) of fans have reported that their accounts have been compromised and their gold and items stripped, presumably by hackers who are hoarding the loots for the impending start of the RMAH when your labor can become their profit.
Hacked accounts aren’t anything new to online gaming, and certainly not in Blizzard games. I did a quick search and the top return was an eHow.com page about what to do after your WoW account has been hacked. Their first point was to scan your system for a key logger, which is how the VAST majority of account hacks occur.
I am not a computer security professional, but I heard from literally hundreds of fans who had been “hacked” in the D2 days, interacting with them via our old Warnings section, and I cannot think of a single person who contacted me (often mistakenly believing we *were* Blizzard) who hadn’t been tricked into revealing their password or ripped off via a key logger, almost always inserted into their system via social engineering. That or via a trojan, as they tried to install maphack or some other program they’d been told was a great way to cheat at the game. (Like casinos and Wall Street, scammers almost always use your greed against you.)
Unsurprisingly, most people who get ripped off want someone to blame, and since they don’t realize they were the cause of their own undoing, they look for external problems, ideally technical ones with Blizzard’s servers. The hot rumor flying around is that hackers are somehow gaining access to accounts via the “last game joined” list, or are victimizing people they meet in public games. This could be true, but Blizzard has offered several denials of that possibility.
As for the Authenticator, get the actual physical device or use the smart phone one. There is also a “dial-in authenticator” which many fans confuse with the mobile app, but which doesn’t work the same and is not enabled for Diablo III.
In addition, the dial-in authenticator is only currently supported for World of Warcraft.
If you’ve been hacked, assume the worst, that your machine has been compromised, and take appropriate security measures. Maybe you weren’t, and maybe there really is a huge hackable hole in the Battle.net D3 system, but even if there is you can’t do anything about that. You can secure your own computer, you can avoid downloading any fishy software, you can set a strong password for your D3 account, and you can get an authenticator to be doubly-sure.
Blizzard tech support does offer roll-backs to restore lost loot; they check to see if an unknown IP# logged onto your account and if so, they can give you back what you lost, but it’s a roll-back; they’ll just revert your account to where it was before X happened. So if you play any while you’re waiting, current progress will be erased.