That's so bad

How could the attacker hack a MultiBit wallet?
A custom trojan?
Well, I know the hacker had access to my email (I saw a login using the security questions in the Gmail logs; it comes from some guy in Austria, but I think he was just running a Tor node).
Now, since the wallet backup was sent by email to another person, I think that's how he got it.
I don't know how he got the password though... I have some suspicion it has something to do with Dropbox, but I can't find any logs in Dropbox to confirm this.
I moved the wallet to Blockchain.info. It's not that I trust my Gmail account (and Dropbox) is completely safe now, but I guess it must be impossible to enter the account after I put up the Google key two-factor authentication.