A Possible Cause:
Try to remember something you may have registered for lately, could be a shopping site, blog site, news stream site, heck, this site. The truth is they may not have technically "hacked" your e-mail account at all. They may have hacked a less secure site that requires its users to register using their e-mail address as their username. For instance, if you shop at Amazon.com (and this is just an example I'm not saying Amazon has been compromised) one thing you can do there is save all of your shopping information so that next time you shop, you can just log-in, choose what you want, and check-out without having to necessarily enter all your shipping and payment information. Instead of using a catchy name like Tigger123, you use your e-mail address as your log-in name. Naturally it wants you to enter a password.
Surprisingly, a large majority of people, when they use their e-mail address as a log-in user-name for another site, give that site the SAME password as the actual e-mail account. So if a hacker finds a very insecure easy to hack blog site or something, and gather a bunch of e-mail usernames and their passwords, they will just go to the e-mails site and see if that e-mail address and password work on those sites too. For instance if I use my e-mail address as my log-in, and that e-mail address can be a yahoo, hotmail, whatever, so lets say firstname.lastname@example.org, well then that site gets hacked. They will just go to yahoo mail page, enter the e-mail and password, and just see if it works, if it doesn't they move on to another e-mail address. This is why you see some people saying my yahoo, my work, my gmail, etc. They didn't start by hacking your e-mail account, they found another site to hack where you happen to use your e-mail address as your log-in, and you use the same password for that site that you do for e-mail.
I know it sucks to have a million different passwords and to change them all the time but one thing you should always do is use one password for your e-mail account, and another password for anything else you sign up or register for, even if you have to use your e-mail address as your log-in (some sites require that and won't let you choose a random name).
You'll want another password for your social sites like Facebook, Twitter and Myspace. You should have completely separate passwords, long difficult ones for anything financial related. Finally you should have another password for random sites where you don't really care if someone ever hacks that site or that company shuts down and their servers end up in who knows hands.
Anytime you think your e-mail account may have been hacked, log-in and change the password as quickly as you can. One user above mentioned having their own e-mail address in their address book. That is a great idea to help warn you of potentially being hacked. Often times these hackers do not want to change your password and take over the e-mail account because then you become alerted to their using your contacts for their ill intentions.
If you can keep up with it, change your passwords often!
As for your address books, you may have to contact a computer professional to see if it can be restored or the e-mail provider, but in most cases, they are gone, sorry. See if someone that a fishy e-mail got sent to can just copy and past the e-mail addresses from the top of the e-mail and send them back to you. You'll have to manually re-enter all of them, but you at least have them.
I hope this helps :-)