Disaster recovery

One of my friends in the Ravens had his account compromised in the small hours of Saturday night and Sunday morning, his characters stripped and his main toon used to mine ore in Wintergrasp. To make matters worse, he was an officer and so our guild bank got raided pretty heavily too.

I found this out late on Sunday morning - I'd not planned on logging on until late on Sunday, but decided to check out a few things, only to discover this issue - and immediately locked down the guild bank (yes, closing the door after the horse has bolted, I know) and ejected the hacked guildee's characters (pending a GM investigation and general security check).

Both the targeted character and I raised tickets, which Blizzard eventually got in touch about (2 1/2 hours, though given it was a Sunday afternoon the delay was understandable) and are investigating, stating both the character and the GB may have the missing items reinstated.

I'm feeling pretty terrible about the whole thing - I'm the person responsible for the GB and who set our access levels. Incipient paranoia led me to get an Authenticator for myself at the WWI, but I didn't fully consider the impact of others not having them.

So, lessons from this:

1) Get an authenticator. No matter the security measures you have in place, there's always the possibility of a new and undetectable piece of malware. An authenticator gives some measure of protection against that.

2) Take a look at your GB settings. Are they such that a single hacked account can cause major losses? Can the access settings be tightened without making the GB unattractive? (The corollary of tight security is that a GB that people can't use isn't going to be useful.) Do you want to differentiate access for those with authenticators and those without?

3) Don't buy gold. Money isn't hard to raise in Wrath (or BC for that matter) so why encourage criminal activity by doing so? One of my few standing rules in the Ravens is "buy gold, and bye-bye" - I'll boot anyone who does so. 


So, as if this week wasn't stressful enough (fun real-world issues), I'm now sitting waiting to see what the outcome of the Blizzard investigation is. Some of the comments I've had within the guild aren't very encouraging; the targeted characters may be aided, but the guild may not. We'll have to see ...

A similar situation happened in our guild, except it was our GM who was hacked.
Within a week to ten days (I know it wasn't two full weeks) we had 95% of our guild bank back (the majority of what was still missing was the gold itself).
It took closer to a month for our guild leader to get his toons clothed, and to recover the gold from his account as well as the bank gold.
He now has an authenticator :)

