There are many reasons as to how your Windscribe account was compromised. But, before we go into specifics, it is important to note that this issue was not caused because of something on Windscribe's end.
One of the main reasons for this was because of a weak and/or reused password. For instance, lets say that your email and Windscribe account used the same password. Then, for some reason, your email was part of a data breach. As a result, the individual(s) were able to get access to your email account and, through it, got access to your Windscribe account.
Another reason could be due to the fact that you had shared your credentials. For instance, lets say that you decided to share your Windscribe account's credentials with a family member and sent the login information via email. Then, for some reason, your brother's email account become compromised. As a result, the individual(s) in question got access to your Windscribe account.
A useful site to check if your email was in a data breach is https://haveibeenpwned.com/ as it will check many different databases and breaches.
In general, the best security practice is to use a unique and secure password on each site you sign up for. This can easily be done with a password manager as it will track all the passwords for you while also generating unique and secure ones for all sites. Additionally, you should enable 2 factor authentication when available as an extra layer of security.