Yes, a hacker can spoof your IP and/or MAC address.
However, that is ENTIRELY USELESS if they want to log into your account on either the website or the game.
Why?
Because of the way the internet works.
Normal:
1. User1 @ IP 1.2.3.4 sends request to Blizz servers.
2. Blizz processes the request and SENDS A RESPONSE TO 1.2.3.4.
3. User1 sees the response and sends an acknowledgement to Blizz

Hacker
1. Hacker1 @ IP 1.1.1.1 sends request to Blizz servers spoofed IP to 1.2.3.4
2. Blizz process the request and SENDS A RESPONSE TO 1.2.3.4 (note that it does NOT go back to the hacker)
3. Hacker1 never receives the response, and so can get ZERO DATA. IP 1.2.3.4 is not listening for a response from Blizz, and so after a couple retries, Blizz decides that the connection is broken and stops trying to send the data.

As you can see, there is no way for a hacker to get data back from a spoofed IP address. IP spoofing is done to protect the identity of the sender when you don't care about getting data back, or if you want to use the response going to the spoofed address as a DDoS (google it if you don't know what that is).