One of my customers has a good-sized business selling on ebay - at any time he has thousands of auctions in progress, and he's been making a very healthy living for himself and a half-dozen employees for several years.
Recently, he was travelling in China visiting suppliers. He used the hotel wifi (I forget which hotel, but one of the major chains) to do some ebay business. Someone hijacked his ebay account and put up hundreds of auctions that looked legit, but with a rogue paypal account.
When he got back to his office this week, my guy found tons of email from "his" customers looking for shipments from auctions they had won and paid for. I'm sure this will be worked out between ebay and paypal, but still, it's a cautionary tale.