I have just received an email from Paypal advising me that an additional address in USA has been added to my account. I googled the situation and found that it was most likely to be a scam email, but when I tried to sign in to Paypal, my account was locked and I had to call them. They confirmed that an address has been added, but no other activity such as transactions had occurred. After jumping through a few hoops I've restored my account and changed my password.
The real reason I am writing about this is the sinister nature of the hacking. They didn't do any transactions, so what did they gain? They certainly alerted Paypal that they could get in and change things, but what will they do next?
My Paypal account has records of all transactions, including the delivery addresses and who I deal with, but where is the risk in that?
I am now adopting a new password policy while I await further developments.
Please keep those passwords secure, unique and regularly changed.