To my knowledge, my machine is secure. It wasn't Windows and I had both anti-virus and a firewall active. For one thing, what made this strange was that I haven't even logged into Yahoo for months (probably close to a year) when this happened, repeatedly.
If I remember correctly it was a random alpha-numeric password with both different cases and a special character or two, and I've never used the same password on a different service.
All I know is that I've never had this problem on competing services.
I've found XSS bugs that allow full account takeover being actively exploited on Yahoo! a couple of times. They have a lot of legacy crap that was written 15-20 years ago.
