A scammer typically changes the password, email address, etc., for the PayPal account.
Then he spends up big, using the PayPal account owner's bank account or credit card.
What happens when the customer finds out, and finds that his bank account has been debited? That's what people generally mean when they say they've been "hacked". It's not really the correct term, because their bank account hasn't been hacked - it's their PayPal account which has been hacked. However, this gives the hacker ACCESS to the bank account via PayPal.
For the owner of the PayPal account, it's not so bad if the credit card was used. He's protected by the EFT Code of Conduct; he'll be reimbursed, assuming he gets on to his c/c provider as soon as he notices something amiss, and informs PayPal as well to prevent any further depredations on his account. However, I'm not so sure about what happens if a customer finds his bank account has been accessed via PayPal. Will he be reimbursed? Not by PayPal, I think... (please correct me if I'm wrong). What if the hacker transfers money from the attached bank account to the PayPal account within PayPal, and then transfers that as a "gift" to another account? Who's responsible? Who will repay the unfortunate fraud victim?
Your mission, should you choose to accept it, is to find out what happens in these instances. Assume that the perpetrator cannot be located and the money cannot be retrieved from the scammer/hacker.
==================================================================================
Countess is correct, quite a few years ago when I first started using Obey and was not aware of the peril's of clicking links in emails my Obey account was hijacked, I first noticed by the amount of questions I was receiving about laptops and cameras I apparently was selling ! I counted over 100 laptops and the same amount in cameras, I contacted ebay live help and told them what had happened and they removed all the listings and disabled the current password so I could reassign another password, { I noticed the same morning it happened so no one had won or paid for any items } once I regained control I looked in my settings, they were all changed ! third party authorizations - password - notifications - two emails / one mine / one other ? and others I don't remember now, I got to relaxed with security, it has only happened the once, funny how you learn very quickly all about online security when you've been bitten, with the applications I use now there's more chance of me winning the lottery than my network being breached....