my yahoo account was recently "hijacked" (my term) by a spammer;
As best I can tell, i visited a malicious webpage (referred to me by a previously-hijacked yahoo user); and with an hour my account was methodically sending spam to everyone is my address book (in alphabetical ordered by first name!).
The spam was sent from a russian IP address.
This appears to be a security hole in yahoo account authentication -- after all, why would yahoo's email service allow "me" to send mail from a computer/IP from which I am not logged in? (per the yahoo account login history).
I have all the spam emails sitting in my sent folder as well as spam received on other account, in case anyone is interested i can post headers and whatnot.
Where are such security issues discussed?
see some discussion here, the article is dated, however scroll down to "why isn't this issue getting more attention?", in the comments area: http://www.zdnet.com/new-yahoo-app-vulnerability-explains-android-spam-7000000964/