Which is exactly why you have a presumably strong password AND a strong PIN. No one can get the bitcoins from your account without both of those pieces of information. Those are the things in place to prevent people from stealing your bitcoins. If your account was accessed, then it is probably because you, at some point, put your password and PIN into a phishing site that looks like SR but was created to trick people. Either that, or you're mistyping your password or your password and PIN were stolen somehow. Have you ever used the same login info anywhere else? That's not true at all, actually. No one's account has been hacked. What you're referring to are vendors who gave their passwords and PINs to a phishing site. People didn't break into their accounts - they simply logged in using information the vendors provided.