There’s yet another rash of emails from hacked Yahoo! accounts today. What happens is that the hackers build up a stock of passwords for accounts over a month or two, then spend a day or two using them to spam people with assorted crap. They typically CC random names from your contact list to cut down on the number of emails necessary to spam everyone.
So if you don’t want to bother people, including outing clients / contacts to each other, change the password now, and ideally every month or so. You may also want to consider where you access your webmail from. Computers in libraries are usually ok because the terminals are reset between users (but they typically block escort-related sites) whereas random web access points may not be.
The same applies if you’re using Hotmail / Live /Outlook /whatever Microsoft are calling it this month. Interestingly, it is much rarer with Gmail and their optional two-stage authorisation can eliminate it entirely*.
* Whenever your Gmail account is accessed from a new device, you get a text on your phone with a code. Without the code, you – or anyone else – doesn’t get in. It can be a pain if you’re just having a quick email check on someone’s laptop, but that may be the one that’s reporting every key press to someone nasty.