Social networks are to blame too
The second step in Facebook's sign up process is the 'friend finder' option where the user is invited to submit his/her Gmail / Yahoo / Hotmail login details so that some script can send automated emailed to the contact list.
Ironically, point 4.6 of Facebook terms states: You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.
The problem with this (apart from the risk of some dodgy engineer skimming off this info) is that it makes it seem OK to share webmail login details. If I were a phishin' cyber criminal I'd set up a social network just for that purpose!
I've blogged about this here iif anyone is interested: http://www.architxt.net/blog/is-facebook-helping-phishers-hack-email-accounts