I can tell you with full certainty that if anything was hacked, it was either at your email, or your computer itself. Even if a security flaw were in BTC Guild's database, the hash retrieved for your password is strongly salted. The salt cannot be retrieved without the person having shell access to the server, at which point they would certainly be going straight for the server's wallet, not users. Even if the salted passwords were pulled from the database, they would be useless in trying to access another site like MtGox.
I'm adding a "Revert to Prior Email" option right now so you can force the server to restore your original email address. I highly recommend you change your EMAIL PASSWORD if you haven't already. Given the attacker hit multiple sites, that is the common weakness.
Thanks. I just tried changing my email address but the same message popped up saying I need to wait 24 hours, perhaps the feature is not yet implemented. Yes, I think you are quite right with my email being the common weakness. I've since resetted my email pw and added secondary verification through cellphone text message to be able to login. It's more likely that I've been hit by a trojan/keylogger, but seeing that I did not visit any dodgey websites, I guess that I've been attacked via IP.