Outlook rule to forward all emails – is that a common scam?

Recently we had a security problem. One email account which is based on MS Exchange 365 was hacked and the hacker forwarded all emails per rule to a Gmail account.

I checked all relevant PCs and I didn’t find any viruses. And I changed the passwords. But in this case changing the passwords didn’t change anything because the rule which forwarded all the emails also worked after I changed the passwords. The forwarding only stopped once I discovered that such a rule was setup and then I deleted the rule.

How common is this hack? I never heard or read about it before. It is also still a mystery for me how the attacker accessed the email account. Probably he stole the password somewhere but I can’t figure out how.