#40 - July 22, 2010, 8:08 p.m.
Let me see if I can shed a bit of light on this. A Game Master certainly wouldn't 'steal' an account :)
Here is how the timelline seems to break down.
Foreign malicious party gains access to account, friend notices, puts in a petition.
Player changes password, gets ingame.
As we are responding to that first report, we reset the password, etc.
Player changes it again - so far, everything is perfectly normal.
This is where it gets interesting. The very last, most recent password change, is again from the compromiser.
That is a strong indication there is either very active malware still present on a system - or the email attached to the account has also been compromised.
I'd do full security sweeps, I'd also highly recommend setting up another totally unrelated email and changing that on your Battle.net account.
I am asking yet another new password be sent out right now, it may take a few moments to arrive. I'd also strongly recommend thinking about adding an authenticator as an additional layer of security.
Does that help at all?