Although I do not have proof of this, I believe that the the password change policy came from the way early UNIX systems handled the password files.
Early UNIX systems did not separate the username file from the password file. Both were kept in /etc/password. This file had to be world readable in order for anyone to log in. So if you had any access at all, including guest access, it was easy to copy the password file. Although the passwords in the the file were hashed, it they could be cracked or a rainbow table created if you had access to a powerful enough computer. At the time, only mainframes or mini computers had the power needed, and cracking a password took between three to five months.
The thought process was that if someone did steal the password file, and you changed your password every three months, It was very likely that the password was changed by the time the passwords were cracked. These days, more powerful computers can crack the passwords much, much faster, and the UNIX/Linux systems have broken out the passwords from the password file and placed them in a shadow file that is not world readable.
The danger of the password file being stolen is no longer the same issue as it once was, but the "standard" password policy has never changed. Today, the reason most often given for a change policy is: "This is best practices, so we are going to do it." Few security consultants can give you the real reason for the policy, although many will refer to recent examples of passwords being stolen and tell you that you need to change a password often just in case someone does steal the password. The danger today is not that the person stealing your password will use it, but that they will sell it to someone else. On the one hand, that does give you a little time to change your password, but on the other hand, some people may feel that since their account was not cracked right away that their accounts are still safe.