Board: Bitcoin Discussion
Re: Im just been attacked and robbed on my MT Gox account
by SgtSpike on 06/08/2011, 01:03:01 UTC
Hi, I checked the account history quickly, and saw the hack had nothing to do with your account email. The attacker used the reset password function and got the right reset key right after, which he used to change your password. Therefore here are my questions for you:

  • Was your email password strong too?
  • Are you sure you NEVER logged into your email from any other place than your home, on a safe computer (i.e. never used that email from a mobile device, for example)?
So basically, the attacker gained control of his email account, reset the MtGox password, then stole the coins.

I see this as a definite possibility, especially if his email password wasn't very strong.  As soon as that MtGox list got out, his email address was out there too.  Someone may have brute-forced (or otherwise extracted) his email address password.

Isn't it true that IMAP email/passwords are sent in plaintext unless a secure connection is specified?  Maybe someone was sniffing his data when he connected to his mailserver, and retrieved his account password that way...

J., do you have a "Reset password" email from MtGox in your inbox or deleted mail folder?  It was probably fully deleted, but you never know... not that it would really solve anything, it would just give confirmation to MagicalTux's investigation.