If your contacts have received e-mails purporting to have come from you but you did not send, it's possible that your account has been hacked. It's possible that your e-mail address was used since spoofing the "From:" address of an e-mail is child's play.
If you see e-mails in your Sent folder that you did not send, your account HAS been hacked.
If you cannot log in to your e-mail account and your alternate e-mail does not work and your security questions are wrong or the answers have been changed, your account HAS been hacked. In this case, it's virtually impossible to recover the account unless it's tied to a 3rd party service such as AT&T Yahoo DSL service, and even then only if it's the primary account.
You can protect yourself in many ways:
1. Use a long, complex password. At least 12 characters, but the longer the better. NEVER use dictionary words or common "l33ts" such as "passw0rd" as those are asking for trouble.
2. Change your password regularly. Every 30 days is not too often and longer than 90 days isn't often enough.
3. NEVER give your password to ANYONE. EVER. No matter how logical the reason sounds.
4. NEVER "verify your account details" in response to an e-mail. That's a guaranteed fraud attempt. And NEVER click a link in an e-mail that purports to come from a company that you do business with. Launch your browser and manually type in the URL to access your account.
5. NEVER use untrusted proxies in an attempt to bypass work or school access control systems. Most open non-commercial proxies on the Internet today are actually key-logger sites put up in China and Eastern Europe for the express purpose of stealing account information. Use one of those to access your Paypal account or eBay account and you'll be ripped off blind for sure.
6. If you even think that your account may have been hijacked, IMMEDIATELY change your password.
7. NEVER access your e-mail or a business account (bank, eBay, etc.) from a kiosk machine or Internet cafe. Many of them have key-loggers running on them for the express purpose of hijacking accounts.
8. Be VERY careful when using open, unencrypted Wi-Fi hotspots. Sniffing wireless traffic is simple with the right tools and is impossible to detect unless you are looking over the interloper's shoulder as he's doing it.
Tracing the identity of a hacker who hijacked your account is nearly impossible. Unless you know exactly when they logged in to your account it's impossible to trace with any certainty. And even if it can be traced, if they are outside of the country it's virtually impossible to get law enforcement involved.