As per info from TNW: Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While “hacked” is a very broad term nowadays, it does appear that Yahoo email accounts are being compromised after users click on a malicious link they receive in their inboxes.
Update: Yahoo says it has plugged the security hole in question but researchers beg to differ, as detailed at the bottom of this article.
A bit of digging shows the attack seems to have been carried out by a lone hacker by the name Shahin Ramezany. He has uploaded a video to YouTube demonstrating how to compromise a Yahoo account by leveraging a DOM-Based XSS vulnerability that is exploitable in all major browsers:
[Video Removed :(]
This is scary. Simply never click on a link in an email if it is even remotely suspicious. I would encouraged everyone to change their passwords to a safe password that combines letters, numbers, and symbols.