I have had many clients over the years have their email accounts hacked into and sometimes hijacked. The most common denominator was usually Outlook Express, with Outlook a distant second. It became so bad that somewhere around 1999 I began actively recommending they remove the programs from their computers and use a professional service such as Fastmail instead.
Outlook, Outlook Express, and HotMail were not program-hacked, but their password data was compromised so badly that many people had their logins copied and lists of their login names and passwords were commonly available on the internet. You could go to various sources especially on Usenet and get such lists to log onto various sites or establish a presence or account on other websites.
Just FYI.
Your story is illustrative of the need to regularly rotate your common passwords. I know people who’ve used the same password for decades. It takes one breach, and the bad guys know how to access your entire life.