It looks like the Sarah Palin Yahoo mailbox attack mentioned by Ryan Naraine and Chris Wysopal is real. Assuming that you are a high-value target, let's talk briefly about how you can prevent this from happening:
- Connect to your mailbox only from computers you trust.
- Use complex, difficult to guess passwords.
- As Chris Eng pointed out, you should carefully scrutinize the password reset policy used by the webmail system. If the reset flow falls back to "secret" questions, the answers are effectively a second, weaker password; pick answers that cannot be looked up (birthday, zip code and hometown are public for a high-value target) and store them like passwords.
- Fetch your mail to your local system via IMAP and delete the messages from the server, so that someone who does get into the account finds nothing worth reading.
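The fetch-and-delete step above, as an added example that is not from the original post: a small Python script that copies every message in an IMAP folder into a local mbox file and only then flags and expunges it on the server, so a failed local write never costs you mail. The server name, the environment variables holding the credentials, the archive path and the `FakeIMAP` test double are all assumptions made for this example; `main()` is what you would actually run against a real server.

```python
"""Pull every message out of an IMAP folder into a local mbox, then delete
it from the server so a compromised webmail account exposes nothing.

Added example, not from the original post. Host, credentials and the
archive path are assumptions; see main().
"""
import imaplib
import mailbox
import os
import tempfile


def _message_bytes(fetch_data):
    """Extract raw RFC822 bytes from an imaplib FETCH response.

    imaplib returns a list mixing (header, body) tuples with bare b')'
    delimiters; only the tuples carry message bytes."""
    return [part[1] for part in fetch_data if isinstance(part, tuple)]


def archive_and_purge(conn, outpath, folder="INBOX"):
    """Copy all messages in `folder` to the mbox at `outpath`, then delete
    them from the server. Returns the number of messages purged.

    UID commands are used so a concurrent client cannot shift the numbering
    under us, and nothing is flagged \\Deleted until every message has been
    written and flushed locally."""
    status, _ = conn.select(folder)
    if status != "OK":
        raise RuntimeError("cannot open folder %s" % folder)
    status, data = conn.uid("SEARCH", None, "ALL")
    if status != "OK":
        raise RuntimeError("UID SEARCH failed")
    uids = [u.decode() for u in data[0].split()]
    if not uids:
        return 0
    box = mailbox.mbox(outpath)
    try:
        for uid in uids:
            status, parts = conn.uid("FETCH", uid, "(RFC822)")
            if status != "OK":
                raise RuntimeError("UID FETCH %s failed" % uid)
            for raw in _message_bytes(parts):
                box.add(raw)
        box.flush()
    finally:
        box.close()
    # The local copy is on disk: now mark and expunge on the server.
    for uid in uids:
        conn.uid("STORE", uid, "+FLAGS", "(\\Deleted)")
    conn.expunge()
    return len(uids)


class FakeIMAP:
    """In-memory stand-in for imaplib.IMAP4_SSL (constructed test double).
    It mimics the response shapes of the real calls used above."""

    def __init__(self, messages):
        self.msgs = dict(enumerate(messages, start=1))
        self.deleted = set()

    def select(self, folder):
        return "OK", [str(len(self.msgs)).encode()]

    def uid(self, cmd, *args):
        if cmd == "SEARCH":
            return "OK", [b" ".join(str(k).encode() for k in self.msgs)]
        if cmd == "FETCH":
            k = int(args[0])
            raw = self.msgs[k]
            header = b"%d (UID %d RFC822 {%d}" % (k, k, len(raw))
            return "OK", [(header, raw), b")"]
        if cmd == "STORE":
            self.deleted.add(int(args[0]))
            return "OK", [b""]
        raise NotImplementedError(cmd)

    def expunge(self):
        for k in self.deleted:
            self.msgs.pop(k, None)
        self.deleted.clear()
        return "OK", [b""]


# Constructed sample messages for the offline demo.
SAMPLE_MESSAGES = [
    b"From: alice@example.org\r\nSubject: hello\r\n\r\nfirst\r\n",
    b"From: bob@example.org\r\nSubject: re: hello\r\n\r\nsecond\r\n",
]


def run_demo():
    """Run archive_and_purge against the fake server and report
    (messages purged, archived subjects, messages left on the server)."""
    path = os.path.join(tempfile.mkdtemp(), "archive.mbox")
    fake = FakeIMAP(SAMPLE_MESSAGES)
    purged = archive_and_purge(fake, path)
    box = mailbox.mbox(path)
    subjects = sorted(m["Subject"] for m in box)
    box.close()
    return purged, subjects, len(fake.msgs)


def main():
    # Assumed configuration: replace with your provider's IMAP host/login.
    host = os.environ.get("IMAP_HOST", "imap.example.org")
    conn = imaplib.IMAP4_SSL(host)
    conn.login(os.environ["IMAP_USER"], os.environ["IMAP_PASS"])
    try:
        n = archive_and_purge(conn, os.path.expanduser("~/mail-archive.mbox"))
        print("archived and purged %d messages" % n)
    finally:
        conn.logout()


if __name__ == "__main__":
    main()
```

Run it from cron after the first manual pass; the archive file is then the only copy, so protect it with the same care as the machine's disk encryption and backups.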
If you must use a webmail system and you want to be extra careful about web-based attacks, noted security expert Dino Dai Zovi suggested the following:
- Use separate web browser applications (pick any two of Internet Explorer, Safari, Firefox, Opera and Chrome), one for your critical accounts and one for your general web surfing. Different browsers do not share cookies or sessions, so a malicious page opened in the surfing browser cannot ride your logged-in webmail session through a cross-site request or script injection flaw.