You answered your own question, (was at work) had my sorc (running). This means you cheated/used external programs.
Either you got keylogged or this is some sort of new measure against cheaters from b.net.
wow wrong
there have been zero bans since 2017 so no action on bliz's part
believe it or not but game mods/bots are open source so you can inspect the source code and self compile. using hashing with sha3 you can know exactly what file you're looking at and rule out all other files that ever existed. you can also test the file behavior by loading it into ghidra and inspecting for anything odd.
what we know: cdkey is ok, no d2 bans have happened since 2017, he logged in so he's not ip restricted, he can make other games on other accounts so he's not wait in line. single account is affected - password.
what likely happened: you were online, lost connection and the bliz servers don't register you as offline so your char is in a hung state. usually it's kicked to the lobby and you can see them as account#2 if you were to log in. you can either wait for bnet servers to kick you or have a bliz admin kick the char. <--99% odds this is what happened. but this is actually odd because if this did happen the account password would not be affected. so something else entirely is happening here and it's server side. there have been a few topics posted here within the past few months that are near identical to what happened here. in all accounts none were recoverable. so this has nothing to do with botting, it's blizzard at work here and the account is gone. other reports of password reset requests to registered accounts fail. sorry but the account is gone.
1% odds of this:
you do not need to keylog in d2 to get accounts... d2 is an old old program, you can inspect network traffic in plaintext with wireshark, the network traffic is not encrypted. during login the password sha1 hash of the account is simply sent insecurely to blizzard. sha-1 is broken but it's somewhat secure but not for anything sensitive. it was broken in 2017 by google and this is what d2 uses. websites don't know your plaintext password but they know the hash of it. so you never want to brute force anything even broken algorithms as it's the slowest possible way but it's usually impossible if it's not broken. it's more realistic to capture the sha1 hash then compare the hash to a known public lookup table dump of known passwords. password complexity for most people is not high and if you combine that with broken hashing (sha1) you have real problems. so for all of this to work you would need some type of program like a remote access trojan to be on the computer, have command and control over that machine and sniff local network traffic when it's just easier to keylog directly but both methods work.
but let's be realistic, yes all of what i mentioned can happen but the probability of it is very very low because:
d2 is a dead game and it requires time and effort to pull something like that off. there is also no profit and this is the major reason why d2 accounts are safe.
(possible)
you could have password reuse where a social media account / password is in a known public dump but this does not match the op's description but if an account is logged in then the identical account is logged in again with the character it will be kicked from the game but won't have a password error.
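
The post above describes an unsalted SHA-1 password digest being matched against public password dumps. The following is an added example, not part of the thread, showing the defender's side of that: rejecting already-leaked passwords at registration and storing a salted, slow hash instead. The breach list, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample standing in for a public breach dump (not real data).
BREACHED_PASSWORDS = ["password1", "qwerty123", "letmein"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in BREACHED_PASSWORDS}


def unsalted_sha1(password: str) -> str:
    """Fast, unsalted digest: the same password always yields the same value,
    which is why it can be matched against a precomputed table."""
    return hashlib.sha1(password.encode()).hexdigest()


def is_known_breached(password: str) -> bool:
    """Registration-time check: refuse a password whose digest is already in a dump."""
    return unsalted_sha1(password) in BREACHED_SHA1


def make_record(password: str, iterations: int = 600_000) -> dict:
    """Store a per-user random salt plus a slow PBKDF2-HMAC-SHA256 hash.
    The iteration count is an assumed work factor for this example."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    # Two users choosing the same weak password.
    print("unsalted digests equal:", unsalted_sha1("letmein") == unsalted_sha1("letmein"))
    print("flagged at registration:", is_known_breached("letmein"))
    a, b = make_record("letmein"), make_record("letmein")
    print("salted records equal:", a["hash"] == b["hash"])
    print("verify correct password:", verify("letmein", a))
```
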