Your email has NOT necessarily been hacked. Indeed, it's probably UNLIKELY that it's happened (although changing your password would still be sensible).
If your email account had been hacked I would expect it to have sent mail out to people who are on your contacts list, but that's clearly not the case here.
Spammers send out millions of emails to addresses that they've simply guessed at (e.g. if you send emails to [email protected], [email protected], [email protected], [email protected], etc., some of them are bound to be real addresses, whereas others won't be). Further, spammers know that email filters will be trying to stop their stuff from getting through, so they use a false address in the 'return' field. That address can simply be one that (like the recipients' addresses) they've guessed at or one that's been harvested from an insecure website somewhere. (Spammers prefer the latter, as a genuine address is less likely to get trapped by email filters.)
So a spammer somewhere in the world (who has probably had no access to your email account whatsoever) has simply used your email address in the 'return' field for some of the spam that they've been sending out. As explained above, because they've only guessed at email addresses to send the spam to, the majority of the spam messages will generate 'bounce' messages which will be sent to the 'return' address (i.e. yours).
Theoretically that could result in you getting millions of bounce messages but, fortunately, you won't. Spammers know that email filters would spot if you were apparently sending out millions of emails hour by hour, so they'll only use your address for a short while before moving on to use someone else's address in the 'return' field.
So, in the short term, there's not a great deal you can do about the problem. It should go away as soon as the spammers stop using your address in the 'return' field of their emails.
In the longer term you need to think carefully about whether your email address is one that can be guessed at by a computer that will create millions of addresses simply by combining forenames or initials with surnames (such as [email protected]) or something that's far less likely to be guessed at (such as [email protected]).
Further, you need to ensure that you use DIFFERENT email addresses for registering with (or ordering goods from) different websites. If you always use the same address then it only needs one of those websites to be insecure and that address will be recorded by spammers as a valid one (meaning that you'll get lots of spam and your address will be used in the 'return' field of spam, resulting in lots of 'bounce' messages).
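
The reasoning above (a hacked account mails your contacts, while a forged 'return' address produces bounces for guessed strangers) can be checked against the bounce messages themselves. The following is an added example, not part of the original answer: it reads the `Final-Recipient` field of standard DSN bounces and compares the failed recipients with a contacts list. The sample bounces, addresses and function names are constructed for illustration.

```python
import email

def failed_recipients(raw_bounce):
    """Return the addresses named in Final-Recipient fields of a DSN bounce."""
    msg = email.message_from_string(raw_bounce)
    found = []
    # The parser exposes each header block of the message/delivery-status
    # part as its own sub-message, so walk() reaches the per-recipient fields.
    for part in msg.walk():
        value = part.get("Final-Recipient")
        if value:
            # Field format is "<address-type>; <address>"
            found.append(value.split(";", 1)[-1].strip().lower())
    return found

def assess(bounces, contacts):
    """Compare bounced recipients with the user's contacts list."""
    contacts = {c.lower() for c in contacts}
    seen, unparsed = set(), 0
    for raw in bounces:
        rcpts = failed_recipients(raw)
        if not rcpts:
            unparsed += 1  # bounce with no machine-readable DSN part
        seen.update(rcpts)
    known = seen & contacts
    if not seen:
        verdict = "no data"
    elif known:
        verdict = "check account: bounced recipients include contacts"
    else:
        verdict = "consistent with forged return address"
    return {"recipients": sorted(seen), "contacts_hit": sorted(known),
            "unparsed": unparsed, "verdict": verdict}

def make_bounce(rcpt):
    """Build a constructed DSN bounce (sample data, not real mail)."""
    return ("From: MAILER-DAEMON@mx.example.net\nTo: me@example.org\n"
            "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
            "Content-Type: multipart/report; report-type=delivery-status;"
            ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\n'
            "Delivery failed.\n\n--b1\nContent-Type: message/delivery-status\n\n"
            "Reporting-MTA: dns; mx.example.net\n\n"
            f"Final-Recipient: rfc822; {rcpt}\nAction: failed\nStatus: 5.1.1\n\n"
            "--b1--\n")

# Constructed input: three guessed-looking recipients plus one free-text bounce
SAMPLE_BOUNCES = [make_bounce(a) for a in
                  ("jsmith@example.net", "j.smith@example.net", "johns@example.net")]
SAMPLE_BOUNCES.append("From: postmaster@example.net\nSubject: failure\n\nUnknown user\n")
CONTACTS = {"alice@example.com", "bob@example.com"}

if __name__ == "__main__":
    print(assess(SAMPLE_BOUNCES, CONTACTS))
```

A result with no contacts among the failed recipients matches the forged 'return' address explanation; any overlap with your contacts is the sign of account misuse described at the start of this answer.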