Because the hacker is only receiving the data as it is transmitted, they are not able to log in more than once unless you are repeatedly broadcasting your authenticator code. They cannot change your account information. They are only in your account until they log off or are disconnected. The password is still your password. They are unable to remove or replace the authenticator. Removing the authenticator would require at least three different authenticator codes from you. One to log in to account management, and two for the actual removal. The chances of this happening are incredibly, obscenely low.
If you don't scrub the malware from your computer, they can
hijack your account again the next time you try to log in, but the same rules apply. The damage done is limited and temporary. Make sure you do a virus/malware scan to make sure you don't get hijacked a second time, just like you would do with any keylogger.
This security breach is unfortunate, but keep in mind that it's far more difficult to do than the keylogging we've suffered for the last few years. Hackers that used keyloggers could theoretically gather thousands of user names and passwords every day and get around to them at their leisure. Your account information could be stolen today, but it might not be used until two weeks later when the hacker needs to fulfill an order. In the case of a Man in the Middle attack like the ones we're seeing now, that can't be done. Authenticator codes need to be used within 30 seconds or they expire. A Man in the Middle attack needs to be done in real time with a large amount of timing and accuracy. This sort of attack is possible, but we don't expect it will happen as frequently as basic keylogging.
What can you do about this type of attack? The same thing you can do about any attack. Keep your virus scanning software up to date (and update regularly, as this exploit is very new.) Scan regularly. Practice safe surfing
. Read the thread in the technical support forums
on this issue very closely, remember the warning signs. If you run into anything unusual, do not repeatedly try to log in. Play it safe and run a virus scan. Your authenticator is still protecting you against a vast majority of hacking and keylogging methods, it is certainly not money wasted and you shouldn't remove it in a fit of frustration.
Blizzard is very much aware
of the issue and are actively looking for a solution.
: This is a PC only attack, at the moment. Mac users are immune to this particular virus, however they are not immune in general. Mac users must practice the same security methods as PC users.