To detach the authenticator you have two methods…
If you have the authenticator and no longer want to use it…. just login in account managment and detach it

otherwise, call customer support

But for any security system to work, there has to be training and procedures to make sure that it is not subverted by the people who have control over it.

THAT is why I think this story is important. The most likely scenarios are that one way or another, a Blizzard employee was mislead, tricked, or convinced to remove the authenticator from the account.

Now, if the “theory” some people are pushing (at least on WOWinsider, etc) that someone she knew managed to get into her house and get her CD key, and knew the answer to her secret question, etc, then it is understandable and the blame doesn’t lie at Blizzard’s feet. Unfortunately, being that she lives alone, the possibility of it is rather remote – no convenient “pissed off roomate,” etc.

That is why I think this situation should be investigated as quickly as possible. The odds are that Blizzard’s staff is not doing what they should be, and that needs to be remedied ASAP.

As to the authenticators.. The only way a keylogger could have used the authenticator’s password, is if the OP & the keylogger hit enter at the same time. Once you hit enter to log in, the authenticator password used becomes disabled so you CANT use it again. The only way to get around this is if you had 2 computers, typed in passwords, typed in Authenticator passwords, and hit enter on both computers the same second.

Someone at Blizzard (probably low level employee, GM, ect….) who has access to the right information is selling accounts. I’m not saying this is what happened but it’s possible. They don’t make a lot of money.

Fiordhraoi has the other options above. The one I’ve listed and the Blizz employee making a mistake are probably the most likely/easiest to accomplish.

Yes, to log into account management, or even just the official WOW forums, you are asked to provide the token key.