We often get to hear that Email accounts are hacked and someone else has logged in email addresses and sent out mails to the address list.
No this certainly is a case where one gets worried about the misuse of email account. But then who is responsible? Certainly we ourselves as we either do not change our passwords or we keep them so simple that anyone having knowledge what we call Personally Identifiable Information (like our / family member birthday, our location zip/pin or similar information) can recover or reset our password.
Yes it indeed is alarming as email account hacking, specifically if it is from a web based email service provider, does not require any special tool or any special skill. All you have to know is the answers to few questions that thesee web mail services post when trying to retrieve passwords or may be change them.
IT pretty easy to do this when you know the subject (person whose account you are hacking).
Hence it is quite important that along with password you change your secret question and answer at a regular interval and keep it to yourself. Also, small tweaking may be done in the ZIP / PIN change (where applicable) as that also plays an important role in password recovery or changing.