There's really nothing Blizzard can do to stop this method of hacking since it falls on the user for using the same information and not using an authenticator.
That is nonsense. They can establish 2 step authentication and log computer access. A user account and password will suffice once you've logged in with a certain computer. If they see a login from a computer they havent seen before then two step auth. If the person has your email as well then u are kind of f-d. This is why users need to establish different login details on that email.
Steam does this, when you login from somewhere they don't recognize they won't do anything until they verify you can get into the email associated with the account.
That is what blizzard should be doing. Using the authenticator is a lazy solution and an indication that the company doesn't want to deal with the additional security measures that are becoming standard on everything else.
We're blizzard, we can have shit security if we want.
Blizzard has shitty security and could do a lot more. People using the same username/password combination across their email, gaming accounts, online banking and some wanky fansite are what I would refer to as technically retarded and deserve everything they get.....