I'm no coder, but I feel that it was the JAVA.
One of the dumped files was LOGIN_DATA
I opened it in Notepad only to see all of my web login account names + a lot of other code.
I'm lucky that I don't have an online wallet.
So far my CEX account is the only one that has been compromised. But that could change.
Unfortunately CEX is where all of my BTC were.
I'm just waiting on Admin now. I will reply later with updates on status of this.