This is the 3rd MtGox account I've heard of that's been cleaned out in the last week. A new vulnerability, perhaps?
None of them had two factor auth. If there is a vulnerability on Mt.Gox itself I think I would hear more bad news... The botsnets of this world are seriously big. I think more and more bot masters let their bots harvest BTC related data.
Perhaps... maybe someone has access to the database with passwords? Hashes are pushed against a rainbow table to pick out the easy ones? Obviously, 2FA would prevent this from working, hence the reason only 1FA accounts have been broken? I would think many more accounts than just 3 would be accessed in such a case, as you alluded to, but you never know how many have been accessed without the owner finding out yet or without the owner posting here on this forum.
Not sure what else the attacks could be from. Keylogger? Maybe.