I received such a mail, telling me there was a “recent login attempt” on my account.
I’m not particularly familiar with Battle.net; years after giving up on Diablo II I created this account to take a quick look at Hearthstone, but that didn’t last for long, so this has been dormant for years.
The mail itself doesn’t even tell me whether it was a SUCCESSFUL login or not. I’m assuming it wasn’t, since I never got a verification code like I did just now – but then again, I might have dismissed it as spam.
And the mail does suggest changing the password – which should indicate that the correct password was used, but it’s often a completely generic suggestion that’s made for no particular reason.
A quick glance over the account data didn’t show any kind of “recent logins” list or something similar, so another dead end.
Assessing the scope of a security breach is kind of impossible if you don’t even know whether an attack used the correct password. Battle.net uses email addresses for login, and it’s certainly easy to associate emails with gaming activity if you steal the correct database – so the really interesting part is whether they had the password.
So, when exactly does this mail get sent? Failed login attempt? Correct password, but no security code given? Correct password AND correct code, but unknown machine? But then, I don’t think this machine had a cookie for Battle.net… not sure though.