If you suspect your email account has been compromised, go through these steps to check and verify:
On your webmail, go to Profile > Log, and you will see a list of your login activities. If you found any login record that is suspicious, or the area detected from the login is different from your usual access, it is likely that your password has been exposed.
A hacker does not necessarily gain control over your account and lock you out. At times, they just want to misuse your account to do something illegal, such as sending spam mails to your contacts. Check your sent folder to see if there are any emails that are not sent by you, especially those that are delivering to many recipients at a time.
Beware if you receive password reset emails when you did not request for one. An attacker might be attempting to find out your password and other details through this way.
When an unauthorised personnel is trying to login to your account from another country that is not allowed by you, AfterOffice's Suspicious Access Prevention (SAP) feature will block this login, and send a notification email to you. If you receive this notification, be alert as someone has already got your password. Even though their attempts to access your webmail have failed, it is just a matter of time for them to hack you other accounts and your mail clients, which are not protected by SAP. It is best for you to check your computer's security and change your password immediately.
If you found any suspicious activities going on on your email account, as elaborated above, you are advised to secure your account immediately by following through the steps at: What should I do if my account was compromised?