With the transaction timestamps of the rogue BTC address, it seems likely that the hackers were modifying the DB directly using a script, changing payout addresses and initiating payouts in succession. They didn't even need to enter PINs. This risk was practically eliminated by middlecoin by paying out to the username BTC addresses only, and transmitting the amounts daily when the threshold was reached. Something for aTriz and nearmiss to think about.
Yes, according to timestamps it surelly have been done by some automated script (no Neuromancer "cybercowboy" can do it this fast on his own). And as I said before, its up to HC crew to show what EXACTLY happened.