Account hacked - WoTLK

We had an officer's account hacked today in WoTLK, and the hacker took everything from his toons/banks, then cleared out about 60,000 gold and everything with any value from our guild bank. We both put in tickets, and I changed the officer permissions in game as far as how much they can withdraw and such, but I think the bigger problem is that this person was able to bypass the authenticator and change his email and password with seemingly no problem. This baffles me. How is it this easy to disable the authenticator and change the owner's information?! Really hoping Blizzard steps up and fixes this issue, not only for our officer and guild but also the authenticator for everyone else’s security.