In this age of "over-sharing" on social media many celebrities share everything about themselves with their fans. If the hacker does his homework, they can learn everything they need to know about the victim such as children's names, pet names, favorite restaurants, favorite places, etc. Many people often use this type of information in their security questions. Hackers can often gain enough information from social media or wikipedia to guess the answers to security questions. It's as simple as making a wild guess. Guess correctly, and the hacker is in.
It's not just celebrities who are targeted for email hacking, the average person is also at risk. Remember, the only thing protecting your email account is a password. So making the password effective is the key to making sure that your email account is not hacked.
When setting up password security on your email accounts, don’t use any kind of information people can either look up, logically ascertain, or just guess. The secret to having successful challenge questions is to use trivial information that nobody else could possibly know. Most services allow you to create your own questions but for those that do not, consider using “purposeful misspelling” on your answers. “Houston” becomes “H0ust0n”, using zeros in place of the letter O. But even then, the password is easy to guess. The password should be complex, with a combination of letters, characters and numbers. For example, "Houston" could be "H0u$t0nn7!" It's also a good idea to make sure that you bank account passwords are completely different than your email passwords. Banks usually have additional security protocol for password changes, but this doesn't help if a hacker guesses your email password, and you are using the same password for your bank accounts. The hacker now has access to both.
Finally, don't use password hints or security questions that are easily guessed. Don't use children's names, pets names, favorite places. The more obscure the answer, the better.