Tihan is right.. patrick/amir/donald should've changed the LastPass master password, if not created a whole new account (using a different e-mail, not
info@bitcoinica.com which is a big red flag). Not to mention securing the MtGox account. Hell, zhoutong should've revoked those API keys that day long ago (he even said the hacker could've used them).
[...]
While the initial hacker had the ability to cause this breach it is likely that it was not taken advantage of until many users had access to the sourcecode in a recent leak:
genjix:~/tmp/bitcoinica_legacy/config/initializers$ cat mtgox_credentials.rb
if Rails.env.production?
MtGox.configure do |config|
config.key = "c02e1a27-5524-449f-ba65-aff9581ddedc"
config.secret = '83U1ROG++O3vwBqFrxpcdyLIoChpgnowImy1oMVQwBLalaLevZDmWeCPJFTrYW00OQ7XUgG53LsIL2pBZ2PQgA=='
end
end
Sourcecode download link:
http://depositfiles.com/files/2p6zvadzs[...]
Had anyone heard of this source code leak? This is the first time I'm hearing of it..