Pete,
They didn't hijack anything. What they did was harvest your email from one of many, many sources. Most likely someone forwarded an email with your email address still attached. I hate it when I get an email that has been forwarded 10 times and each time all the previous recipients email addresses are listed. Some one in the great circle of friends may have been compromised and the email was harvested from their system. Most good anti-virus programs will protect against that type of harvesting, but it doesn't stop there. Google search your name, like "pete hanson email" without the quotes. If you want to pay for it, your email is available.
It's a sucky system to say the least. Once you have sent anything over the ether, or have posted anything that you even think is in a secure location. It is there forever.
By all means, change passwords frequently. That is a good practice.
What you experiences is a "Spoofed" email that utilizes your email name and address that is visible, but the header information will actually reply to the perpetrator of the email. Header is not the To, CC, or BCC, but the information contained inside the email that directs it where to go. Most email programs will allow you to "view header." That is the true header information. It is what is required to be sent back to the "ABUSE@YOUREMAIL dot COM." Example would be
abuse@yahoo.com for yahoo accounts. They act pretty darn fast when they recognize a scam. When I reported exactly what you described to my abuse server, they responded immediately and blocked that return address. Unfortunately they just resubscribe with a new account until their entire domain is blocked.
Good luck to all.