I keep playing this over and over in my mind. How did this happen to me?
I don't truly know how this happened. My only guess is that I reused the same password too much. I have several strong passwords but once I switched over to battle.net, I could not longer use them. So I fell back on my more generic password I use for web stuff. And now that battle.net makes your account name your email address, all they need to figure out is the password.
This password is still strong, just not as strong as the others. It is unguessable and immune to dictionary attacks. To crack the actual password a computer would have to fall back on trying every combination possible. So someone had to grab the password. This leaves a website leak or keylogger.
If it was anyone else, I would say keylogger. That is why I do not share my account with people. I can trust myself not to fall for a keylogger, just not anyone else. I am a true computer person. I am usually the person people talk to that removes the really hard to get spyware. I teach people how to avoid it and what to watch for. My computers are clean of any spyware. The one time I thought I got infected ( I saw media player pop out of some pop ups and crash), I Just rebuild the computer.
This brings me back to other websites. I am not going to get into pointing at sites here, but there are 2 that come to mind. Places where I recently registered and in the last few day made some posts about making gold. I would expect one of those sites has a backdoor and is leaking information. I don't think the people running them would dare to do something like that.
It is also possible that my new visibility on those othe forums prompted someone to dig deeper into other sites I have registered with. One of those could easily be running out of date forum software that someone recently discovered a hack for.
The thing is I already had an authenticator in my pocket. I was not in any rush to set if up because I figured it would never happen to me. I figured wrong.
Update: I got thinking about what Blizzard would be looking at on my account. One thing would be account sharing. I don't do that, but logging in from ip addresses in different geolocations came to mind. And it just so happens that I was out of town a week ago. One night I used the computer of a relative that had so much spyware on it the computer that I wanted to pull my hair out waiting for it. So may toolbars in IE. I ended up installing firefox. I made a post on the guild website that I would miss the raid and I trolled the Blizzard forums a bit. Just as I am over confident that I do not have a key logger on my computers, I am over confident that my relative's computer has several of them.