Yesterday Blizzard stated they would come back to the Diablo 3 community with a response on the recent spate of acxcount hacking.
This afternoon they issued a further statement highlighting that they have not found any problems with Battle.net that could be facilitating the current hacking.
Over the past couple of days, players have expressed concerns over the possibility of Battle.net account compromises. First and foremost, we want to make it clear that the Battle.net and Diablo III servers have not been compromised. In addition, the number of Diablo III players who’ve contacted customer service to report a potential compromise of their personal account has been extremely small. In all of the individual Diablo III-related compromise cases we’ve investigated, none have occurred after a physical Battle.net Authenticator or Battle.net Mobile Authenticator app was attached to the player’s account, and we have yet to find any situation where a Diablo III player’s account was accessed outside of “traditional” compromise methods (i.e. someone logging using an account’s login email and password).
To that end, we’ve also seen discussions regarding the possibility of account compromises occurring in ways that didn’t involve these “traditional” methods — for example, by “session spoofing” a player’s identity after he or she joins a public game. Regarding this specific example, we’ve looked into the issue and found no evidence to indicate compromises are occurring in this fashion, and we’ve determined the methods being suggested to do so are technically impossible. However, you have our assurance that we’ll continue to investigate reports such as these and keep you informed of important updates.
Right now it looks like everything that can be dione on Blizzard’s side has been done and it’s now up to the players to make sure their systems are secure.