My account was somehow hacked in on the 5th of Oct, where a large number of transactions (2600) occurred within a 30 min window. All of these transactions were for buy & sell orders that ultimately cleared my account down to less than 1c.

As per OP, notifying Mt Gox yields a response requesting me to file  report with police,etc.,and we all know what means.

Except for logging onto the account, 2 factor auth have been used.

I suspect there's some serious flaw in the APIs that could have caused this.

I'm requesting login logs from mt Gox to see what they come back with.

/edit - just to note that I do not have any API keys and have 2 factor auth for withdraw and security center. So if they could execute trades via API without being able to create an API Key then there are some serious flaws!