The question is:
Is it Pavane's password that's been stolen from Pavane, or a whole file full of Paypal user data that's been stolen from Paypal?
If the latter, then we should all be changing our passwords, but otherwise we're no more at risk than we were before.