As you all guessed, I'm not using two-factor authentication / yubikey.
Did you mean to say you weren't or that you still aren't?
Because unless you can say with certainty that you aren't using a machine that has been compromised, then even after changing your password your remaining coins are no safer now than before. Get 2FA. If you don't have a smartphone or other second device that can run it then move the funds to an EWallet that uses SMS-based 2FA.
I wasn't, but I am now.
I guess many of us just have to lose bitcoins or money, until we realize that a 15-20 characters/letters/symbols password isn't enough and that two-factor authentication IS necessary with Mt. Gox. (and any other trading sites)
But as I've lost confidence in Mt. Gox, maybe I'll even transfer my coins somewhere else, and then later transfer them back to sell them...