Aaaand hacked by no readily discernible method. gg blizz.
If you have a LinkedIn account that shares a password, they just got nailed.
The only commonality is my primary email happens to be my bnet email (and this is because credit card info could be involved), and I can basically pull up half a year of emails without a single phishing attempt present. I've otherwise been fairly good about using alternate identities when jumping into new spheres, utilizing dummy yahoo accounts and the like for things I know I really won't care much about.
I'd only recently gotten a smart phone, so I have the authenticator set up on it now. I'm not entirely sure that will do any good if they're compromising people the way I believe they are, though. And really, for every 10 "Get an authenticator!" posts I see, there's probably at least 1 who claims they still got hit. Either way, they shouldn't be an excuse for Blizz to employ lazy security practices.
And really, I've been around the net long enough to know the "what not to do" things and am at the very least protected more than your average person who may've gotten caught up in phishing scams. I probably caught the compromise within 45 minutes of it happening, and I would've noticed sooner if I'd actually alt-tabbed back to the game between some conversations. Just because, I went through and updated my software (if it even needed it) and did thorough scans with at least 4 programs, all if which showed nary a hint of anything out of the ordinary. So, if by some fluke I have a trojan on my system at the moment, it's playing very hard to get. I'd be even more curious to know where it would've came from since in the 3 weeks or so since D3's launch, my net browsing has actually been pretty minimal outside of browsing here, Facebook, and other big-name sites that should ideally be secured. I do the whole Firefox song and dance with multiple security add-ons and things like iframes disabled by default, too.
I'd really love to know how if it was me, but with how common this seems to be happening, I don't think it's entirely user error. Authenticator aside, I can think of some added layers of security Blizz could employ right this instant to help protect folks, like employing whitelist locations where, if say you live in CA and allow IPs from within that state, anyone trying to log into your account from outside CA shouldn't be able to. On my end, I'd need OH and WV free since I travel between the two a lot, maybe even PA. So even if by some fluke an antsy chinaman got my log in info, they'd have to go the extra mile of knowing where I live and managing to spoof a connection from it. I have no doubt some may go that far, but if they're running through giant lists of possible accounts and passwords, basically multiplying that by 50 would scare some off or make them more sloppy in the process, thus more easily caught.