Unfortunately, it is not easy to regain control after an account is hacked.
Indeed ! That's why I would think that, despite the availability of free email services and fairly decent preventative security on the part of Gmail, if email is an absolute necessity in one's online life, then
paying for it (for the benefit of personal customer service) should be seriously considered.
Some services offer relatively inexpensive accounts (as well as other more expensive premium levels with more features/storage): FastMail ($5/yr for an "ad-free" account with support via tickets and the EMD forum), PolarisMail ($12/yr), FastMail again ($15/yr — for a "family" account with one "lite" user account), EuMX.net ($16/yr — excellent reputation for uptime and customer support), Runbox ($20/yr for a "micro" account — I have this one).
Imagine — for what some people pay to eat out once or have a single pizza home-delivered, you can have a year's worth of peace of mind that prompt customer support (including, presumably, quick-and-painless account recovery) is just an email away !
If you end up needing to make a new account, or you have other accounts already, NOW is the time to protect them from this happening to you again. Set up alternative (email and/or cell phone number verification safeguards) ways to access the email if there is a problem. After you have already been hacked it's a much bigger problem and harder to deal with and resolve. It is much easier to PREVENT it from happening in the first place.
Speaking of which, a
post just today at Liveside.net says that Outlook is
FINALLY going to be implementing two-factor authentication. Yeah, yeah... I know we've heard that before, but it
does seem to be on the horizon. I mean, they at least have a screenshot of it already.