I wonder if Blizz will get round to making passwords case-sensitive after this at least.

I've changed password and account email, don't feel too worried about it or the way they have handled this but I do like that it shows how they handle this situation (as required by Californian law) and proves why all the talk of the D3 servers getting hacked after launch but blizzard denying it was a load of bs. If that were the case, they'd have handled it in exactly the same manner they have with this real breach.