Got home today to find that my primary email address had been hacked presumably with brute force and used to send a web address 'medshealthworld.net' to my address book and everyone I've ever emailed. They then emptied my sent folder (which is no big loss, as I mostly use a client to send mail).
My password was not that easy for a brute force attack to obtain. It was 11 characters made up of two words and a 2 digit number at the end: for example timesound66 (not exactly this obviously!)
I'm making this thread as basically just a warning to people that whilst you should NEVER protect any web identity with a single word or name (eg. apple, James), even a password like timesound66 is a target.
Another thing to mention: this person, or rather bot, could have emptied the £7 in my Paypal acc and made a purchase if he'd tried my password and email with Paypal. Probably my fault for reusing passwords, so I changed both immediately.