Until someone signs a message with that address, I'm not believing anyone.
Hard to tell, really.. If it's under their control. ONLY they will be able to sign it. Not even Bitstamp will be able to.. Key has been encrypted.
That's what I'm saying. If it's the hacker taking credit and selling, he/she should at least prove ownership by signing.