It's been a while since it happened to me, but I still remember that feeling you get when your email gets hacked. Of course, I was a bit too panicky at the time to check for online guides about how to deal with the situation, but things worked out OK in the end. In case you want to know how to deal with this kind of issues, here are several handy tips.
Get your email back
There is a very slight chance that the hacker didn't change your password and if this is true, you can easily get your account back. First make sure that all the emails (phone numbers) connected to the address that you are currently logged on into belong to you, then change your password to something as complicated as possible. Make sure it's not something personal, so don't use names or birth dates from your household / family.
If your password has been changed, you will need to follow the steps indicated by your email provider. These are different for each service, but it generally involves answering a secret question. Once you get your password reset, follow the two steps from the paragraph above. In case your security question has been modified or the hacker used some other method to completely lock you out of your account, you will need to contact the service provider and (at their request) bring some kind of proof that the account in question is yours.
Something that you won't find on many websites is what to do in case both you and the hacker are logged in it at the same time. You have to hope that your Internet is fast enough to keep up. If you are fast enough, you need to enable the two step authentication system and enter your phone number. AOL doesn't yet have this option, so what you will end up doing is enter a "password changing" fight with the hacker until either one of you gives up, or AOL will consider this suspicious activity and block the account completely (which is a fairly good solution for you). Once the account is frozen, contact the service and tell them what happened.
Asses the damage and deal with the aftereffects.
Once you've got your email back, it's time to figure out why was your email stolen. Check the sent folder to see if the hacker spammed your contacts with sale offers, fraudulent links that lead to phishing websites, etc. Even if you don't find any evidence of that, you should still email all of the people on your list, apologize and announce them that your account has been hacked, just in case. Also, check the settings of your account to ensure the attacker didn't set up some shady forwarding addresses.
Next thing to do is to check the Inbox, Spam, and Deleted folders to see if the hacker has used this email to take control of any of connected accounts from other websites. If it happened, you will quickly figure out why everyone says that it's not OK to use the same password on more than one account as you will now have to change each and every one of them.
Lastly, think about (and verify) what private information the hacker could have obtained from your email. If you had important data like a social security number, banking information, etc., you will need to either carefully monitor all your credit cards and bank accounts or contact the fraud department of the bank that you work with, and ask them for help.
Prevent such a thing from ever happening again
Once the immediate danger has passed, it's time to make sure that such unpleasant incidents don't happen again. You should start by scanning your computer with an up-to-date antivirus, to make sure the hacker isn't using some malware to spy on you. If your computer is infected, you should remove the threat and then change your passwords all over again.
The next step is preventing similar incidents. Even though no system is perfect, you really should enable the two-step verification system as it makes things a lot more difficult for hackers. The way it works is like this: each time you log in from a new (untrusted) device or when you want to reset the password, you have to confirm the action through a code that the mail service sends to your phone. It's free and it's very efficient, so you really should try it out. Moreover, make sure your passwords contain at least one number, one higher case character, one symbol and that they are not very personal so that they won't be easy to guess.