These may be trades executed with the API: https://en.bitcoin.it/wiki/MtGox/API/Streaming

One should investigate if API trades do not show a login, and if they don't, then that is likely the method used.

It is very possible that someone found a way to exploit persistent data, cookies, or some other way that a users session or identity can be hijacked in the MtGox interface.