If you're able to get back your account, enable the "Require personal information to reset my password" option in the twitter account settings. Because you didn't have this option enabled, when your email was compromised all's they had to do was know your twitter username and do a password reset by email.
On the same topic: How do these accounts (including email) get hacked? Does brute force work even with max number of failed logins or what?
A lot of accounts are hacked through exploiting weaknesses in the "I forgot my password" secondary login method.