I got to work in the morning and found an IM from a colleague with a link in it. It went to a geocities page that requested my Yahoo! account information, and in the morning daze, I entered my information. As it didn’t proceed anywhere, I realized someone was spoofing my information. A panicked run to my Yahoo! account information page, change password several times (to make sure it still worked), sigh a worried sigh of relief.
The problem is with a company that hosts sites of third parties without any supervision. The IM had the timestamp of 19:58 (around 8p), and nobody had shut down the site by 9:30 in the morning. As far as I know, that site is still up (and I warned Yahoo! Paranoids, with whom I still communicate occasionally).
Yahoo! needs to smarten up. I currently use it for my login information, since I trust the company, but that’s something I will have to do without after this experience.