no I did not have two-factor authentication enabled - I have been naiv
thinking that funds on Mt.Gox would be safe
yes - I have used the same password on my windows live account
maybe that is why it was easy to find out....
So even if I can find out who stole my BTC I can't do anything about it
Well Mtgox is safe but you need to be secure from your end too.If someone found your password you can't blame mtgox for that but yeah their security sucks, they don't have much options to secure peoples funds.
Never use online wallets until you are damn sure that you are using a strong password /new username and your pc is really secure and clean.
In your case, probably they found bitcoin related something in your live account and tried to log on mtgox and got your bitcoins.
but main thing is, how they got password? Either your pc is infected with some malware or someone knew that you have bitcoins in mtgox account.
Btw how do you know he's from china?
People are reporting that trojans etc. are coming from Altcoin clients, and dodgy click throughs, where the API on Gox is activated to send coins to the hacker. People are also reporting that the two factor log in, is still not secure enough to deal with this threat.
Check your API's.
