Is this a new phenomenon? I always felt that Yahoo's systems weren't secure. Until I shut down my Yahoo accounts, it would be a semi-regular occurrence for both my Yahoo email and IM to send out spam to everyone in my Yahoo contacts list. Am I wrong? I've since shut down my account since I got sick of dealing with it.
That's not a Yahoo hack though. When that happens it is almost always your local machine that has been breached by a virus which simply reads the locally stored contact list. And to answer your question, no, it is not a regular occurrence for Yahoo, or any of the major players, to have their servers hacked.
A number of times in recent memory Yahoo has been subject to attacks using XSS and similar. One example of one that was exploited (there was a disclosure back in May, but that didn't have reports of active exploits): http://thenextweb.com/insider/2013/01/31/yahoo-mail-users-st...
To my knowledge, my machine is secure. It wasn't Windows and I had both anti-virus and a firewall active. For one thing, what made this strange was that I haven't even logged into Yahoo for months (probably close to a year) when this happened, repeatedly.
If I remember correctly it was a random alpha-numeric password with both different cases and a special character or two, and I've never used the same password on a different service.
All I know is that I've never had this problem on competing services.
I've found XSS bugs that allow full account takeover being actively exploited on Yahoo! a couple of times. They have a lot of legacy crap that was written 15-20 years ago.
