I commented on here a week or so ago about my buddy's D3 account getting hacked and wanted to update some of you. While I was playing my lvl 58 character last night I got kicked out of game with a message saying "you have been disconnected, you're account has been logged onto from another computer". I tried to log back in and my password had already been changed and by the time I could report it and get my account reset all my stuff and gold had been taken, including what had been sold at the auction house. I had a fairly complex password.
After reading up a bit on it I found that it's possible for another person to hijack your session while you're playing, so no matter what your password is or if you use an authenticator, it's basically a moot point. Blizzard obviously has to know whats going on here.