If you've used an email address for an extended period of time, the chances are very high that your email password can be found on the internet (in combination with your email address).
The main cause of password leaks are the so called data breaches. That's when data that's supposed be kept private is released and/or stolen .
There can be many reasons for a breach, hackers being the main cause. During these breaches, passwords are definitely a popular target.
That's also why it's recommended to use a different password for every website.
From my personal experience, it's really easy to find a list of thousands of emails and passwords if you know where to look.
You can you use a website such as haveibeenpwned.com to check if you're email password has already been leaked.
There are 3 main ways to avoid this issue.
#1 Constantly change your password
#2 Use 2 Factor Authentication
(Every time you or someone else tries to log in, you'll have to enter a code that's either generated by an app or received via SMS. SMS is however not that secure so choose the app variant if possible.)
#3 Never use your email to sign up/in on other sites
The safest method is a combination of all 3 however the easiest is definitely to just use 2 factor authentication.