Does MTGOX have any liability here?

[pocketkangs]

I have a friend (a Dr.) who had his mtgox wallet hacked today and had 14k stolen.  He was all in cash inside mtgox and got an email out the blue that there was activity on his account.  Someone bought 60BTC and then 40BTC and immediately transferred them into another wallet. (the same wallet address) He still had 15k left so he logged on, changed his password and bought BTC but his transfer limit for the day has been hit because he is not verified yet.  He will be transferring asap into his blockchain wallet which is secured by his yubikey.  His Mtgox account was only user name and password.  How could somebody get in?  Does Mtgox have any responsibility?  He's just sick about it.  I told him that there were some very smart people on these boards and I would just pose the question and see what kind of good/bad news came back.  Thank you for your reply.

[coin_toss]

Unfortunately this kind of thing happens a lot, often due to brute forcing, virus/keylogger on your machine, or reused passwords on some other account.

[kostagr33k]

wow thats pretty rough! I was about to post about gox but I guess I will have to do some more investigating on them.

It seems as the domain is registered to an address in Japan, but the hosting is in Florida, USA (actually thats their DDOS service). Depending on where they are hosted He *may* be able to go after them, but again He would have to find out where they are hosted, who they are, etc. Have not done much research on them yet but they may be held liable depending on how regulations are on certain sites that hold money (compliance, etc) which from the news lately not sure if there are any being used.


anyway GL to your friend

[GrinthTaco]

I use roboform for all my pws which at least makes it impossible to do keylogger and very difficult to do brute force as well.

[caesarsauce]

Two factor all the way. 

[Rayen]

Read this.
https://bitcointalk.org/index.php?topic=191842.0