Users accusing Aurumexchange of TOS break are indirectly supporting the hypothesis that Zhou Tong is the hacker.
If Zhou Tong is the hacker, then Aurumexchange released information of a customer.
If Zhou Tong is NOT the hacker, them Aurumexchange released information of an unknown person.
This makes no sense at all.
Consider this hypothetical: You open an account with some service. I hack your account and use the service to buy 1,000 copies of Mein Kampf which I leave on the doorsteps of Holocaust survivors. There's a public outcry over this event and the purchase is investigated. The service publicly announces that your account was used to buy those 1,000 copies of Mein Kampf, which embarrasses you. You receive death threats, harassment, and so on. When you respond that you didn't buy them and that someone else must have hacked your account, does that let the service off the hook for the privacy violation? After all, it wasn't your transaction.
That one doesn't quite work because users had noticed Zhou's LR transactions and commented on them just after the hack and Zhou had already said that AurumXchange had frozen his funds for unknown reasons before AurumXchange made their statement. While I still believe that the AurumXchange statement was ill-advised, both Zhou's LR transactions and the fact that AurumXchange had frozen his account had been discussed in this community prior to that statement. Zhou is not claiming that his AurumXchange account through which he sold LR for a friend was hacked.
While I believe that AurumXchange/Mt Gox were justified in confirming to the community that the stolen funds had been converted to LR, I think that their public statement should have stopped at "we've identified and frozen accounts suspected of being associated with the Mt Gox theft and referred the matter to the appropriate authorities for further investigation". The public request for further documentation from Zhou and information about whether or not it had been provided were utterly inappropriate.