Quote Originally Posted by Balbanes View Post
I guess then what I'm wondering is, were any of the people who were hacked using the hardware authenticator?
I would wager some people got 'hacked' even with a physical authenticator with some kind of phishing site that asks for your one time password. "What? incorrect? crap I musta mistyped it" *tries again* now they have login credentials and 2+ authenticator codes that are still valid since they weren't entered into SE's system to log in, change the password, steal gil/spam adverts until banned/etc, even if they can't remove the token, physical or software.