I believe that fraudulent EV certificates were issued.
For reasons unrelated to this, I would like to have this citation notated.
I only found one useful article that mentions that EVSSL may have been included in the breach.
http://isc.sans.edu/diary.html?storyid=11500I'm assuming that you and MagicalTux checked the IPs used on your account. Anything strange there?
See the third post, MtGox emails you the IP that made the request on withdraws.