Almost everyone had transactions from "united" ... It does mean that the attacker has your username
A question for people here: Did everyone who has the "united" transaction have a MtGox account name that is also a Forum username? Because it's easy enough to get a list of Forum names.
I have the "united" transaction, and my MtGox account name also happens to be a Forum username (although it's not 'ribuck').
I plugged the vulnerability that allowed them to run the attack so your weak passwords will be safe again.
Weak passwords are
never safe. Mine is 71% according to
the Password Meter, and I'll be improving it.