NEED HELP! Cant access anything to get the acc back.
This is my friends ACC - I am just trying to help bring visibility to this. Thank you and please blizzard notice this.
The only visibility your friend needs is opening an account compromised ticket.
As long as a ticket is raised, and you provided an email address that may not also be compromised, you sadly will have to await a response from billing, this forum does not bypass that.
When they do respond, it should go to email, this will be from a noreply address, so the response may have to go to a new ticket.
That they were able to get around an authenticator could mean they have a lot of personal information about you, not easy to get around.
To add to what Kozzae said, it likely means a larger security issue on your/your friend’s end. If they could change all that, then I’d be running some security sweeps, malicious software checks, adding authenticators to virtually everything, especially the associated email address.
To prep for recovery, I would create a new email address that you’ll use just for battle.net using something gmail where you can add additional layers of security like an authenticator or sms protection.
They got the info for stealing this account somehow. It wasn’t from Blizzard, so that means falling for a phish, malicious software/compromised email/password accounts or even having purchased an account from another player (which I’m assuming isn’t the case here).
As Kozzae mentioned, if there’s a ticket already, then Blizz will look into it, but bypassing that authenticator is not easy and very concerning 
Edit to add: Please don’t use your friends’ account either…especially if you’re doing it from the system your account was compromised from.
You can always make a new battle.net account to create tickets, track them and post from too. Just use a throwaway email for it.
I answered you on X.
Your ticket isn’t quite 2 hours old. Once things get sorted, you should be able to change the email.
I’d check the security of both your computer - and that email address.