According to various sources, it appears that the attack on PayPal never happened. The 28,000 passwords actually belonged to ZPanel, a free open source hosting site. According to PayPal, the company had been investigating the attack since Sunday night and concluded that there was no evidence any of its data had been breached.
Read more here – http://bits.blogs.nytimes.com/2012/11/05/no-anonymous-did-not-hack-paypal/