Just like credit card fraud and identity theft.. very rarely is it a result of some "hacker" who managed to figure out your login/password. This is often the most frequent misconception that people jump to when they have login problems or their account is actually compromised.
Having worked in Internet Security for several years, the cases resolved fell in to the following causes from most frequent to least.
1. Family member or friend was given the login information. Solution: Never provide your login information to family or friends or anyone else for that matter. While they might be trustworthy, they may not be not be internet savvy and may compromise your information by one of the examples below. Most commonly however, family or friends intentionally compromise the account.
2. Victim uses the same login, password and email on fansites and community forums. Account information is then compromised by the site owner. Solution: While using the same login information for all the websites you access is convenient for organizational purposes. If your information is compromised on one site, it has then been compromised on all the sites you frequent. Use different email addresses for various parts of the web you use. Eg. Use an email address exclusively for your banking websites, business, etc. Another for family and friends. And a third for shopping and signing up for special offers. (the latter will tend to be your "spam" bucket)
3. Account information was voluntarily, but unknowningly, provided to a third part.. usually via a phishing website. Solution: See #1 and #2.
Also, pay very close attention to the address or URL that you click on even on the official forums. Most browsers will display the "target" website that the link will take you too. Many sites will use a third party to process purchases and such. If you are suspect about a site requiring your login information or other sensitive data (ss#, mailing address, etc.) contact the site administrator or call Customer Service to verify.
4. Victim uses the "Remember Login/Password" feature in Internet Explorer. This is a plain text file which is easily compromised by spyware which may be present on the computer. Solution: If you absolutely must have your computer remember your logins and passwords for you, use an alternative 3rd party application which encrypts the data in a 128bit format such as
RoboForm. Firefox (and Seamonkey) also encrypt saved logins on both the PC and Mac. But, several security holes have been discovered which exposes the data to worms and spyware regardless of the encryption.