It's funny how people still doubt that it's a weakness on Blizzard's end.
1) The sheer number of people reporting that they've been hacked is staggering, much more so than what would be considered normal. Just compare it to the number of reports of accounts being hacked from World of Warcraft, a game with 10 million+ players. If that game has more players yet somehow far fewer reports, you know something is up.
2) How come the people that got their account hacked never had any of their non-D3 accounts hacked as well? No one has reported getting their PayPal, email, bank accounts, forums, or other game accounts hacked - and I know many people tend to use the same password or set of passwords, so why isn't this the case?
3) There have been multiple reports of people being hacked while using their authenticators. Some of these are by credible journalists. This alone should be sufficient evidence.
4) Almost all of the individuals who've been hacked reported the same set of usernames that they don't recognize on their friends list. This means it's the same group of people that are hacking these accounts. Now what's more likely, that a group of individuals found an exploit and are hacking thousands of accounts without digression? Or that these individuals somehow managed to install a keylogger on thousands of computers, yet choose to only steal their D3 items and not their PayPal/bank/email accounts?
Incorrect. What's funny is that people still spout these same bull points when trying to insist the issue is somewhere other than on the end user system. But I'll bite:
1. The "sheer number" you talk about is nothing new, considering the huge rush of compromises whenever a new WoW expansion hits. Actually, I would expect it to be worse, if only for the fact that there are lots of people who've never dealt with this type of system before, so have even less knowledge about security.
2. Chances are good that many players did get their email accounts compromised as well. That will likely result in another wave of attacks down the road on accounts that didn't fully secure themselves. As to D3 accounts only being impacted, we don't know that for sure yet. But, the most likely scenario as to why this would take place is because those behind it are GOLD SELLERS. Since it's gold they want, and have to work against the clock, that's what they focus on.
3. These "reports" have already been debunked. Not to mention "credible journalists" is an oxymoron.
4. I've worked in cyber-security for the past few years, mainly dealing with account compromises through certain social networks. Every single incident we dealt with was caused by the same things: phishing emails (roughly 90-95%) and keyloggers. Interestingly enough, all of the compromises were coming from the same locations in third-world countries, which told us it was the same couple of groups behind all of them.
So while I feel it is certainly possible that there is a breach somewhere inside Blizz security, I know for a fact that there are huge numbers of people out there dumb enough to install keyloggers and get phished.