Firstly, check to see if the emails were genuinely from your account, or just spoofed. This can be done by checking the email header and verifying it was sent from a server that's used by your email provider.
If your information was gained then it doesn't sound like it was on a personal scale, but rather by an automated bot of some sort, a real person would not be so stupid and make such silly mistakes.
What did you run a scan with? I would suggest doing a scan with malwarebytes in safemode. The two incidents may be related, its impossible to say. When you say they were hacked, do you mean they lost control of their account?
There is a lot of spoofing, which is easy to do with emails.