Monday, July 16, 2007

TKO'd at EBay

Twice in the past month I have been notified by EBay that my seldom-used account has been compromised. Both times, there was no obvious damage - some spam sent from my account on the first occurrence, nothing on the second - and EBay was quick to shut down access and then reinstate me when I contacted them. However, I'm obviously concerned that my account could be commandeered twice. The first time, I assumed that someone had brute forced my password somehow. However, the second time around, I used a cryptographically strong-ish password. Needless to say, I'm pretty sure I didn't mistakenly give away my details to a phishing site somewhere (I was careful to check the RSA credentials of the EBay rep I chatted with both times). In the end, I requested that my account be terminated as I don't use it much anyway.

Here are the scenarios I foresee, ranked in order of likelihood:

1. EBay's intrusion detection algorithm mistakenly re-triggered on the old spam in my account from the first occurrence,
2. There is some flaw in my firewall/security/virus checker and my home machine from which I log in to EBay has been compromised,
3. There is a flaw with EBay's security and their accounts are at risk, and
4. During an episode of sleep walking, I logged into a phishing site and gave away my account details.

The EBay chat rep assured me it couldn't be scenarios 1 and 3. Anyone else experience a similar issue recently?
