Quote Originally Posted by Silverwalk View Post
Wait wait. The hacker was able to log in to your account AFTER you associated the mobile authenticator to it?

Can you please confirm that is what you're saying here, because that would make the authenticators worthless.

Even if a hacker had your login name and password they should NOT be able to log in to your account without the one-time code.
It sounds like the game doesn't kick you even if a token is added to the account or if the account password is changed which in turn means if the person who compromised the account doesn't log out they don't have to go through the new security measures.