Not surprised at all if it is the case. Just look at their javascript and you know that this was hacked together rather quickly... Below an email that I have received over the weekend, obviously because I have an account at MtGox and it was compromised
----
Dear Sir or Madam,
A few hours ago the Bitcoin trading website Mt Gox has been hacked.
Malicious individuals have been able to obtain a database containing
usernames, email address and encrypted passwords. This information has been
posted publicly on the internet.
As a Bitcoin supporter I'm now sending a message to every email address
contained in the hacked database. This is to warn you that your username,
email address and password have been leaked. I therefore strongly advice you
to change your passwords. If you have used the same password on different
websites it's highly recommended to change your password on all of your
accounts!
For a more secure alternative to Mt Gox, the community appears to be moving
to TradeHill. So this is no reason to lose faith in Bitcoin itself. It must
be seen as a warning that not every website can be trusted with your data
however! Their link is
http://www.tradehill.com/?r=TH-R15683 (Note: You can
remove the Referral Code when registering if you want!) This is certainly
not the only website where you can exchange Bitcoins, also check out
http://www.thebitcoinlist.com/dp_bitcoin/bitcoin-exchange/Sincerely,
A Bitcoin supporter
1CWSjov2N7ix41bZ8bJfHXkdLLbkUsG9Y7
XXXXXXXX@XXXXXXXXXXXX.XXXXXXXXXXXX