They pay big money here to avoid having to provide such protections here.

Nope. The transaction was present on paypal prior to anything I did. This had NOTHING to do with my ebay - which I basically don't use - the purchase was made with someone else's account, using my paypal info. Paypal allows for 'trusted sites' (and obviously ebay is for them) to bypass any MFA. It's a nice scheme.

Make absolutely certain that 2FA is always invoked at moment of purchase. Previously, I had it set up on paypal, and they let me buy things without triggering it.

I'm in the process of opening a fraud report through my bank. I don't see any point (beyond hassling myself further) for dealing with the cops.

I think there are protections OVER 1K. Of course, multiple purchases could be made.

No...someone else used their ebay account and was able to link my paypal to pay for it. The info to do this is stored both locally (on my computer) and on vendor sites. So, either paypal stores the information locally insecurely (as well as my computer being hacked) or some vendor was hacked.

@@calandale oh ok thanks for the clarification. I'm an ebay seller (and occasionally a buyer) and I have security concerns with ebay and with paypal (I don't use them in conjunction). It probably means that in one of those vendors they had low security and someone copied their password database but cracked it by using their own password in the database as an example for the cracking software. Although strange that they should target your paypal details, whenever a website states 'save your credit card details for future use' I click on 'NO' !! Unless it's say Amazon or Ebay. In the UK right now for ebay sellers the law is this year that you have to provide them with your Social Security Number (N.I. Number in the UK) so if anyone were to hack into ebay they would have your ebay account, bank account, social security number and maybe even you bank credit or debit card for purchases - the full whammy ! Not great given that ebay has had data security breaches in the past. I really hope this thing gets sorted and you get your money back eventually.

Bother, typed a long response better explaining things. Short is, the money is gone forever at this point - and the take-away is DO NOT link paypal (or any payments) through ACH - you have essentially no protections.

@@calandale btw just going forward it's a good idea if you can in the U.S. to set up 'two step authentication' on your mobile phone for all payment accounts and banking, so whenever a new transaction is initiated manually you get a login code sent your cell / mobile phone. That would of / should have stopped the fraudsters. Or did they somehow get around that by switching it off your Paypal account ? It's a pain in the a$$ if it asks you every time when you log in to make a payment but it's secure, also some payment and banking online services only ask you for the code sent to your mobile when you log into them if they detect a change in the IP address of the device initiating manual payment.

Nope - the money's gone. I tried to explain why in a response - but clicked off the box temporarily and lost a long post.

@ ah that truly sucks, im sorry to hear it :(

I have a couple

Who's sarah?