Recently, Blizzard made authenticators an optional part of each account. When you enable it, you either use a keyfob or an iPhone app that links to your account to give you a unique revolving password every time you access your account, in addition to your normal password. This gives another layer of security to your account, and is very hard to hack- corporations use this for people accessing their VPNs.
However, it appears that hackers are now using this against people who don’t sign up for an authenticator. When they hack the account, they not only change the password, but add an authenticator so that the compromised account can’t be easily restored.
If this happens to you, there is a thread on the Blizzard forums about how to get an unauthorized authenticator removed from your account. And from the number of threads in the support forums, this isn’t an isolated thing.
Lesson of the day- add an authenticator to your account.