Just been googling about these cancelled purchases, and came across this:
"Another increasingly common tactic is for foreign "sellers" to use eBay to collect personal information. You buy from a fake listing, pay, then seller cancels the order with a lame excuse. Once they have your paypal user name, then they can narrow down the amount of tries to hack it, needing only a password, not both data.
I even had this occur with the same "seller" twice in a row.
I reported it, but like many other problems, eBay employees are too busy tooting their own horn to care."
Might be worth increasing the strength of your paypal pw just for safety...?