The IP addresses of both transactions are 115.133.198.86 and 64.120.79.136.
The first is somewhere in Malaysia. The second is a dedicated server hosted in Dallas, USA. Both are very unlikely to be legitimate traffic in this context.
Me password was (have been changed) J08-uU33-1604-82-xXx
Unfortunately this isn't a very strong password.
I disagree - that should have definitely been a sufficient password in that:
A) its 20 characters long
B) it has lower case letters
C) it has upper case letters
D) it has numeric digits
E) it has special characters (the hyphens)
F) It has no real words in there
I would even think that its in the upper 50 percentile of MtGox user's passwords, from a security standpoint. And even if not, it most definitely fit the definition of a secure password as defined from Mt Gox's own recovery process.
Simply put, this password should not have been guessed or brute-forced on a live system over the Internet.