Tumbler wrote on Jul 27, 2012, 12:18: In fairness my username / password was possibly found on another website and used at Blizzard but that info would not get them into my email...so you would think that before they let you change the email login info for the battle.net account they would do a confirmation/authentication email BEFORE they change the account info. I call it "2 step authentication".
This is how many accounts get hacked. Fan site forums are the prime location when it comes to hackers and they'll take each username and password they obtain and plug it in to the D3 login until they find a match that doesn't have an authenticator tied to it.
There's really nothing Blizzard can do to stop this method of hacking since it falls on the user for using the same information and not using an authenticator. Sure, they could add additional security to confirming changes to the account but the fact still remains that your account is compromised the moment they gain entry rather than when they change your information.
The Blizzard authenticator can be set to ask you each time you log in to the game or once/twice a week and the forums don't prompt you for it once you initially log in to the site. It's really not an invasive form of security and it's nice to have around.
If anything, Blizzard should ship an authenticator with the game at this point.