I will list some of the found (potential) attack vectors here and their relation to my own account (I can only speak for myself):

* CSRF vulnerability - not applicable to my account, the BTC were transfered at a time I could not access Mt. Gox at all, let alone be logged in.
* CSS history vulnerability - not applicable to my account, unfeasible for non-dictionary passwords over 6 characters (mine was randomized 20)
* Android app - not applicable to my account, I do not have an Android phone nor have I ever touched the app, I have also never entered my Mt. Gox details anywhere but on Mt. Gox itself
* Malware/keylogger/etc - almost certainly not applicable to my account, I turned my entire computer upside down with manual analysis (something I already do regularly) and haven't been able to find anything
* Distributed bruteforce (using a botnet) - possibly applicable to my account, but unlikely due to password length... it IS a possibility however, with a large enough botnet it's feasible.

Now the question is, what is the cause for my account (and potentially others)? I believe there's a mix of different attacks being used here.