One of our readers, Bill, sent us a tip about a WoW account issue on The Consumerist. It seems that the ownership of Anonymous's friend's account is under dispute and Blizzard won't let him use it in the meantime. The ownership became disputed after the account was allegedly hacked, even though there was allegedly a mobile authenticator on the account. His friend has given up on the account, complete with Val'anyr, and has created a new one.

We can't confirm any of the facts in this case. I am willing to believe that Anonymous is truly upset and believes the story he tells to be true, even though he is posting anonymously. There are some serious red flags, however, that seem to point to Anonymous not having all of the facts:

There are no confirmed cases of an Authenticator being removed from an account by a hacker.

The code from the Authenticator is based off of the serial number of the device or app and a date/time stamp. Because of this, a code is only good for about 30 seconds. In order to remove an Authenticator from an account, without actually having the authenticator in-hand, Blizzard requires that you fax or snail-mail documentation proving that you are the owner of the account. Otherwise, following are the steps to remove an Authenticator online:

Enter username and password at the account management login screen.

Enter the current Authenticator code before it expires.

Navigate to the Authenticator removal screen.

Enter the new current Authenticator code.

Enter the next Authenticator code, approximately 30 seconds later.

Press the remove button.

The timing and number of codes required for the above procedure make it impossible to remove an authenticator online without real-time, extended social engineering. It would require slightly less effort to just log on to WoW with account info and an authenticator code acquired within the last minute for a quick cleaning out of the account, but no authenticator removal, password changes or another login would be possible.

[View Remaining 10 Paragraphs]