I myself have been hacked, no i wasn't buying gold or any of that. I have never bought gold, nor has anyone I play with, that i know of...
About 3 months ago is when it happened. One typical evening when I logged in I realized I was missing quite a lot of items, all my gold, and my guild was spam pst'ing me about what was going on, as several big ticket items were missing from the bank. Luckily my guild at the time was with RL friends and family so I was able to clear things up with them in just a few phone calls.
I immediately logged a ticket with the GM's in game, checked my email, responded to Blizz's authentication requests, and went to the account management page and changed my password. The communication from Blizz at first was generic, blah blah blah your account is being sold, against the terms of service blah blah blah, etc...
I never got to speak to a GM in game but i did get an in-game mail from them saying that some account manager was handling the issue. After 2 days i received an email from said account manager, explaining they were still investigating the account.
4 more days after that I logged in and found an in-game mail from the account manager handling the problem with a message saying I had receive a full restore. All the items I was missing, along with all my gold, and all my frost and other emblems were returned, and all the guild bank items were returned to the guild bank. I was never offered that alternative option that Blizz has recently talked about instead of replacing full accounts.
Needless to say I bought an authenticator within the week after i got hacked and applied it to my account, immediately upon arrival.
Speaking from experience be careful out there everyone, and go buy an authenticator. I consider myself unlucky to have gotten hacked and very lucky to get a full restore.
Thanks for reading.
P.S. I have my suspicions about how this happened but I'm going to go ahead and keep those to myself for right now. :P