At some point, the password for the sender's Yahoo account was compromised. Although the horse is out of the barn, it's still worth securing the building.
Here are six suggestions to lock the barn:
1) NEVER EVER login to ANYTHING from a public computer. You should assume the computer is full of malware and keyloggers. Resist the temptation to "just check my mail for a sec."
2) If you use your computer on a pubic wifi hotspot, only login to websites that start with HTTPS, not HTTP. HTTPS traffic is encrypted. HTTP is not. Anyone using the hotspot can record all network traffic. There are programs that output Excel spreadsheets of sites, userids, and passwords. This does not require a sophisticated hacker.
3) If you read mail in Outlook, Thunderbird, or some other program and you use your computer in a public hotspot, do not read mail unless your mail provider supports encrypted connections. The connection types should be POP3S, IMAPS or there should be a "use SSL" checkbox in the configuration. Check with your provider if you're not sure.
4) Use a hard to guess password. Your name is not a good password. What's your favorite line in a movie? I like Citizen Kane and one great line is "I think it would be fun to run a newspaper." So, for a password, I could use "ITiwbF2ran". On the piece of paper I carry around to remind me of passwords, I'd have "email psw: Charles Foster Kane". That will help me, but won't help anyone else.
5) If you must use Windows, use it safely. Use Internet Explorer 9 or Firefox as your web browser. Install a good antivirus. (I like NOD32 from ESET.)
6) Use different passwords for different services. Your mail password should be different from your bank password, which should be different from your voicemail PIN, etc. If you use the same password across systems, everything is only a secure as the weakest one. Do you really know who's running every system to which you login?