How this operates:

A player (aka the thief) can easily send a malicious link to other player (the victim) by using the chat or email feature of the game. If the victim opens the link, this might redirect him/her to a fake website that will content the malicious virus, Trojan or worm. 

Please note that all this passes undetected by the user, especially if the user doesn't have a proper antivirus or antimalware installed in his/her computer. All is sorted to when the victim login again in his account, the username and password can easily stole by using the piece of software secretly installed by the attacker.

With that in mind, once the victim tries to log in his/her account for third time, sadly the victim will face the horrible surprise that he is not able to access to his/her game. And when he attempt to recover the password the system will reject his request as the email address will not recognized as it has been changed in the video game developer database.