Hate to say it but there are some companies out there that won't lift a finger to help/restore account access if they notice that your account wasn't sufficiently secured with dual-factor authentication/security tokens.

I changed my PW and bought the damn token also for added security. I been playing for over 6yrs and now I need to have that on my account is BS
Do you know that there is a free app you can use instead on iPhone/Android phones? You don't have to buy the physical security token. That said, 6 yrs with just basic security and you only got hacked now? You've been lucky. Personally, I don't trust a subscription-based online game (or any website that stores my information) that doesn't offer some form of 2FA on accounts - it's an open target for hackers if you're only using a password to protect your account. I know SE has had 2FA on the game for years and it's regularly advertised to help protect accounts from malicious access.

Yes, it would be nice to have some notification of account changes, but to be honest, getting told about something after it's been done wouldn't really help the situation. Good security is about preventing something from happening in the first place, not being informed about it after the fact.

If there is any take away from this, it is that SE should REQUIRE dual factor, not just weakly recommend it.
Agree 100% - I think all online MMO's should require some form of 2FA.