I closed my eBay account, and since they own them my Paypal account too, a few months ago due to concerns regarding their attitude to security. I'd made some changes to my account which generated a couple of e-mails to me. Both e-mails contained what eBay claimed was the IP address from which the changes were made, for security purposes. One of the e-mails had my correct IP, the other one that geolocates to somewhere in India.
I appreciate that this issue could be due to factors outside of eBay's control, but equally it could be an issue with eBay. However, I found it virtually impossible to contact anyone with sufficient information to report this potentiall issue to, and everyone I spoke to was utterly clueless with regard to basic security issues. I was even asked at one point to explain to them what an IP address was.
The combination of ignorance and brick walls was enough to convince me that eBay don't take customer-side security particularly seriously, and since I'd not used them for years I decided I'd be better off without them. Now I just have to hope that the database that was breached isn't one that contains details of ex-customers, given how shockingly poor eBay have been with regard to contact current customers I highly doubt they would have the initiative to contact ex-customers who may be affected.