If you read my post on 'spear phishing' you'll be aware that the hijacking of email accounts is on the rise. These attacks generally revolve around the attacker already knowing the login details for the account somehow.
When I speak to customers they often wonder how the attacker knew their seemingly complex password. Did they simply guess it?
The simple answer is no, in my opinion, that's very unlikely.
It's much more likely that the email address and password were used on another site/ service which has led to them being compromised or 'pwned'.