I have tried that 2nd approach you suggested prior to asking here. although those necessary private keys (change addresses) were not found on the first 3000 rows so I figured I'm not looking in the right direction and stopped going further down the pipe, I missed it. 
Breadwallet just went through all the available wallet keys and it took a while but finally recovered.

Thank you for that enlightening answer, it helped to understand the issue and procedure.

Hi,
I’m new to crypt-currencies and experiencing some struggle understanding a cause of funds loss from my Multibit HD wallet. I’ll try to explain:

A week ago I made 2 transactions to ShapeShift which is a coin conversion service. following that service’s instructions I've made the 2 transactions from my wallet to a provided address of ShapeShift and received the converted funds to a different ether wallet I provided, as expected, an hour later.
Few days later I tried entering my Multibit HD wallet again (haven't done so since that transaction to ShapeShift) but it kept rejecting the password which I’m 100% sure was the right one saying "The password did not unlock the wallet". restore attempt also strangely kept failing and rejecting the new passwords each time.
I googled around to find that such issue had been following Multibit for a while now:

see this thread -
https://github.com/keepkey/multibit-hd/issues/753

going through the advices and solution on the link above, I used the secret seeds from my - now - Inaccessible Multibit HD wallet, converted it to private keys, imported them keys to a different wallet only to find out it’s empty of the funds I had.
I was also able to retrieve the transactions history and the transactions made to ShapeShift:
https://blockchain.info/tx/e6cfaf4858af0d105973382588d31700dc11a97efde576c2b6d11a1311c07d84
https://blockchain.info/tx/94ae29d606571789199c5b36321ed4c5729a8ba1062fa79a377c0cd2dea2efa6

I found something strange –
Both transaction listed 2 recipients (I wasn’t even aware it’s possible to send money to multiple addresses at once):
one recipient address was the provided ShapeShift’s address and the amount transferred is as intended. BUT! the second address was unknown to me and much larger amount of bitcoins was transferred.
What I also noticed was that these transaction, using Multibit HD, were made from addresses which have been previously used to receive payments to my wallet. Meaning that no new addresses were generated especially for this transaction, I thought that should be good practice.
Now I don’t really pay attention to that part of procedure in transactions as I recall reading that one of Multibit HD features is that it generates new address for each transaction constantly. Maybe I’m mistaken.

An Important point is that the transactions with the 2 recipients summed a total amount of bitcoins which was totally equal to the amount I received previously using the same address. So for example if I received 3 bitcoins to my address and later used that same address to send 1 bitcoin to ShapeShift, an exploit was to drain and the send the 2 other bitcoins left to another address simaltounasley.

From what I describe, could have my wallet / address been breached?
Is there a way for a malicious act to exploit any of the mentioned above?
Maybe it has something to do with transaction malleability?

Please anyone shed some light or guide me to a solution / education.

Thanks!

Hi,
I’m new to crypt-currencies and experiencing some struggle understanding a cause of funds loss from my Multibit HD wallet. I’ll try to explain:

A week ago I made 2 transactions to ShapeShift which is a coin conversion service. following that service’s instructions I've made the 2 transactions from my wallet to a provided address of ShapeShift and received the converted funds to a different ether wallet I provided, as expected, an hour later.
Few days later I tried entering my Multibit HD wallet again (haven't done so since that transaction to ShapeShift) but it kept rejecting the password which I’m 100% sure was the right one saying "The password did not unlock the wallet". restore attempt also strangely kept failing and rejecting the new passwords each time.
I googled around to find that such issue had been following Multibit for a while now:

see this thread -
https://github.com/keepkey/multibit-hd/issues/753

going through the advices and solution on the link above, I used the secret seeds from my - now - Inaccessible Multibit HD wallet, converted it to private keys, imported them keys to a different wallet only to find out it’s empty of the funds I had.
I was also able to retrieve the transactions history and the transactions made to ShapeShift:
https://blockchain.info/tx/e6cfaf4858af0d105973382588d31700dc11a97efde576c2b6d11a1311c07d84
https://blockchain.info/tx/94ae29d606571789199c5b36321ed4c5729a8ba1062fa79a377c0cd2dea2efa6

I found something strange –
Both transaction listed 2 recipients (I wasn’t even aware it’s possible to send money to multiple addresses at once):
one recipient address was the provided ShapeShift’s address and the amount transferred is as intended. BUT! the second address was unknown to me and much larger amount of bitcoins was transferred.
What I also noticed was that these transaction, using Multibit HD, were made from addresses which have been previously used to receive payments to my wallet. Meaning that no new addresses were generated especially for this transaction, I thought that should be good practice.
Now I don’t really pay attention to that part of procedure in transactions as I recall reading that one of Multibit HD features is that it generates new address for each transaction constantly. Maybe I’m mistaken.

An Important point is that the transactions with the 2 recipients summed a total amount of bitcoins which was totally equal to the amount I received previously using the same address. So for example if I received 3 bitcoins to my address and later used that same address to send 1 bitcoin to ShapeShift, an exploit was to drain and the send the 2 other bitcoins left to another address simaltounasley.

From what I describe, could have my wallet / address been breached?
Is there a way for a malicious act to exploit any of the mentioned above?

Please anyone shed some light or guide me to a solution / education.

Thanks!