Good to hear you got that sorted, people have all kinds of crazy ways to hack an account. Last year a designer I know of had £1000 stolen from his account but it all got sorted out luckily.
Spyware may be the cause. Another reason in my opinion is because most of us tend to use the same or nearly same password for multiple sites. And with the more sites we have the more threats from unsecured connection in both our side and server side. So changing password frequently and keeping different password for different sites would make us more secured, I think.