In reality, a group of hackers claimed to have compromized another site, which PayPal points out is "less secure." From the breached website, the attackers mined usernames and passwords of a number of accounts. Upon releasing the information publicly, the hackers suggested that people try accessing personal online accounts on websites using the same credentials, and PayPal was listed as a suggestion.
So there was no breach of PayPal's system, instead the hackers were just suggesting that some users would have used the same password as they did for the compromised website.
"PayPal's security team became aware of this particular security situation early on and proactively began monitoring a number of accounts for suspicious activity, in order to protect our customers," the company stated.
"PayPal always safeguards our customers from qualified unauthorized payments sent from their accounts. We regularly monitor for unusual activity on accounts and will work directly with customers if they suspect their accounts have been accessed fraudulently."