Breehit wrote:However, it worries me that people are getting hacked even when they DO have authenticators. How is this done?
At the moment most authenticators should be a major roadblock to any hacker. I haven't heard of any confirmed case where a person with a physical authenticator attached to their bnet account had their account breached.
In the case of the mobile armory/AH compromise, as Pompea
mentioned, you don't need a code to log into that, so people were able to remove large amounts of gold from you through the app.
Breehit wrote:Is there any way to prevent it?
An authenticator is still considered the first line of protection for your account. Don't remove your authenticator! If anything, contact Blizzard first if you have concerns about your account or authenticator.
Does this mean that we should never use the auction house (assuming that there is some auction house app (or is it an add-on?) that allows hackers to bypass the authenticator)??? Or is there some app or add-on that we should delete?
The auction house is safe to use as far as I know. It was the app, not an add-on, that allowed malicious persons access to gold on accounts. The mobile AH has been shut down for now, though.
Add-ons are safe for the most part, as long as you download them from a trusted source like Curse.com. Downloading ANY addon-on, whether it's for the auction house or not, from an unsafe source is risky, and the add-on may contain malicious code.
Follow the security checklist
, and if in doubt you can always contact Blizzard for further assistance/advice.
To the OP: Did you ever figure out how they managed to get your account info? Was it RealID? Or was it through the mobile AH app?