Quote Originally Posted by Fooju View Post
No one is bypassing security tokens.

If someone claims they have been "hacked" and they had a security token then either they are lying or someone used their phone / Authenticator with their password.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

You are a bit mistaken, authenticators are another layer of defense, but they can be bypassed and happens. My bank uses the authenticator, and it has happened to people to get money stolen from russia/china/other side of the world even though they had an authenticator because of that type of attack. It is definitely harder and rare but it happens.