The hacker - one Richard Kirk - cracked the passwords to the eBay accounts and from there accessed the victims' PayPal accounts. He then proceeded to transfer the money from these accounts to his and, finally, to buy stuff with the appropriated funds.
Among the things he bought were actual gold bars, whose delivery was monitored by the police after having been contacted by the owner of one of the compromised accounts. According to thisisnottingham.co.uk, Kirk was arrested "with his laptop on his knee, surrounded by parcels" after the postman left.
Whether Kirk managed to crack the passwords to the eBay accounts by guessing or by phishing has not been reported, but given the fact that compromising PayPal accounts gives attackers direct access to money, it is no wonder they are the most targeted online accounts by phishers.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.