These may be trades executed with the API:
https://en.bitcoin.it/wiki/MtGox/API/StreamingOne should investigate if API trades do not show a login, and if they don't, then that is likely the method used.
It is very possible that someone found a way to exploit persistent data, cookies, or some other way that a users session or identity can be hijacked in the MtGox interface.
Marcus from Mt Gox have responded back saying they are not able to differentiate whether trades are executed via API or not. Given there were 2600 transactions on my account over a mere 30 mins, I cannot see that being executed manually.
I have also asked for login logs for my own account (without saying whether I need to see IP addresses or not), and have been declined due to their privacy policy.
I'm seeking further clarification on exactly which part of the privacy policy is he referring to.
After I posed the question on which part of the privacy policy he's referring to, he's now replied saying he's going to have this checked with their developer and get back to me.
Marcus, Oct 15 20:51 (JST):
Hello Yuhann,
I will have this checked with our developer and we will get back to you.
Thanks,
MtGox.com Team
Yuhann Liu, Oct 15 20:28 (JST):
Hi Marcus,
Sorry to dig further.
This appears to be very inconsistent to others who requested for this information and have received them.
Can you refer me to which part of the privacy policy that states you cannot disclose the login times of my own account? I have it open right now.
Regards,
Sent from my iPad
Marcus, Oct 15 20:10 (JST):
Hello Yuhann,
We will not be able to provide the information as per our privacy policy and we will not be able to differentiate the API trades and you have also advised that this you have not used an API before.
Thanks,
MtGox.com Team
Yuhann Liu, Oct 15 20:04 (JST):
Marcus, are you able to advise reason behind not being able to supply me with access logs of my own account?