In general, most hacked WoW accounts occur through trojans (keyloggers) installed from the official WoW forums (typically if you're using Internet Explorer, you're vulerable) - there's a ton of malicious posts on those forums.

If there's a breach in DKPSystem, and depending on how Chops has implemented password hashing/encryption, there's a very slim chance that someone could hijack a WoW account from the account info here.

You should urge your members to use a different password for their WoW account than anything else (including DKPSystem)

Wow. I highly doubt that they were hacked via DKPSystem. For one if you have uses posting their account information for World of Warcraft anywhere on the site that is just not safe. Also and I am guilty of not doing this in every case of things I use but you should never use the same user name and password on multiple systems. My DKPSystem account uses a different user name for every site and none are the same as my Wow account name.

The main reason show over and over is a trojan virus delivering a keylogger to their system. This would also account for it being 2 people in the same house even if they are on different computers due to the exploits in file sharing between pc's.

You should have your users scan their PC's for Viruses. Further everyone who plays an Online game such as WoW should run a top notch anti-virus program and Personal Firewall. Personally I don't consider free-ware as top notch.

Of all the people that I have known who have been hacked (one of which was a nephew) they all got it via virus from a download that pertained to WoW. WoW Movies from youtube and various site. One who thwarted the virus before is dropped the keylogger was pickup by accidentally clicking an add for a Gold Seller on one of the many mod sites. Then of course there is that. Mods. Users need to pay attention to the sites they download from and the contents of the mods. The most common mods containing viruses are those that have TGA (game image files) that present something not included in the standard interface for an icon on a bar or button.

I didn't know that users were capable of posting viruses and other malware on the WoW forums. Are you just referring to links that are posted, or are users somehow capable of embedding malicious HTML into their posts?

As for your concern, Saud covered it pretty well.

Generally speaking, unless your users have their WoW info on the site in some public area, there's not much an attacker can do through us.

Saud covered the important rules, particularly, no matter how trusting you are of a particular site or service, it's never a great idea to have the same password in all places.

Malicious URLs to sites that'll hijack your browser/install what they want. The trouble is that the trojans go a step further and actually post on the official forums using your account - turns into a vicious cycle.

An interesting read about some recent MMO-password-stealing trojans that were being shipped via digital picture frames.