Update:

Blizzard has released a statement on its Battle.net forums regarding the Diablo III hacking.

The Diablo III developer calls on its experience releasing World of Warcraft expansions when it says that any new release will result in an increase in incidences of accounts being compromised. Blizzard has also outlined three measures players can take to secure their accounts, the Battle.Net authenticator and Battle.Net mobile authenticator, and a recently-added service, Battle.net SMS Protect which sends a unique login code to an account-holder's SMS-enabled phone, can be used to remotely reset passwords, recover an account name or disable a lost Authenticator.

Original story:

Several Diablo III players, including a games journalist in Europe, are reporting that their accounts have been compromised and items and gold are missing, or they are locked out altogether.

Blizzard has been working to "roll back" affected characters to a point before the accounts were attacked, but some game progress has reportedly been lost in the process.

The reports surfaced around the time the European Diablo III servers went offline early Sunday morning, which prevented players from logging in.

A rumour suggested that the EU servers were taken offline following a SQL injection attack.

Allegedly the Diablo authenticator, which can be toggled on and off, does not stop the hackers.

A theory on the Battle.net forum said those responsible hijacked session identifiers, which allowed them access to accounts without Blizzard's authentication server being alerted.

Whatever the security flaw, with the real money auction house launch creeping closer, Blizzard will want to address the problem promptly.