So I've had some time to sit down and think about this. This hacking is very bad. At this point, the attackers have got your

• email address
• secret question and answer
• salted passwords[

I would like to state that even though the passwords are salted, its still crackable. Any basic maths geek will be able to tell you that with a large enough database, the constants can be deduced easily. This leaves your real password.

I have read an article about this and I think the author is on the right track when he says SRP may not be strong enough. Link to article. Read if you are interested in the theory of it.

But note that the author is an interested party when bashing Blizz AND like he said, its impossible to avoid break-ins. Although as long as there was a battlenet server to store and maintain user's characters, this would have happened. It doesn't matter if there was an offline aspect to D3.