FIRST CHANGE YOUR PASSWORD
make it something secure at least 8 letters use at least one capital and 1 number or symbol
do not give it to anybody
if you join a site such as facebook that wants to browse your email contacts to see who you know on their site. do not let it.
then do a virus scan on your computer to make sure nobody is getting your password XXXXX way.
there is very little you can do about the stuff that has already gone out. there are forms you can fill out but the end result is they shut down your account for a week while they investigate then give you back your account with a new password. they never catch the people doing it. they never try very hard. there is an entire industry set up to block spam they dont actually want spam to stop. the drug companies dont really want it to stop they make lots of money from it and they have a lot of political pull.
all you can do is keep them from using YOUR account anymore