Topic: My MtGox account was just exploited - 3 BTC stolen [old news] - page 2. (Read 3520 times)

Yeah, I know. 3 BTC.

Still, I was wondering - is there a new vulnerability out there I don't know about?

I'm trying to think of all the vectors that could have led to this. I have accessed my account from a PC at work, my personal Macbook Pro, and my Android tablet. The credentials are also stored with LastPass, with a >20-character pseudorandom passphrase protecting them.

My MtGox password was woefully weak, something I hadn't noticed because honestly, LastPass removed it from my line of sight. It consisted of 6 characters, the first four of which were an English word and the last 2 a number that looked like a recent year. That has been corrected. It had been changed since the "big" MtGox break-in, though, so I don't think that was it.

I'm not really upset about this, but rather more interested to find out how it happened. I also don't blame MtGox, unless they did something stupid like allow my account to be bruteforced - but I have no indication this occurred.

Update - response from MtGox:

Quote
Hello,

Sorry for the inconvenience. Please change your email address password and Mt.Gox password immediately. Please do not use the same username and password on different services. You can use the Yubikey or Software Authentication on our Security Center to further secure your accounts.

Please file a police report in order for the police to investigate the case and make an effort to retrieve your funds and once filing a police report, please send a copy of the police report and the official ID document to Mt.Gox. We will cooperate with the police authority in providing the necessary information for the investigation, but we are unable to reimburse any stolen funds.

Thanks,

MtGox.com Team