'Notice of unusual account access' indicating foreign countries might be misleading in some ways.
Hacking source can be obfuscated by using a proxy service, so in reality, the guy next to you in a Starbucks (for instance) could have done it.
"Steve..." is partly correct: if you use(d) a hotspot, your Y! authentication cookie could have been slurped.
Counter-measure for that:
[My OC; posted 12-21-'12]
Yahoo finally got the message and moved mail to SSL (secure) servers; however, it must be manually set to do so all the time.
To take this essential step, in Yahoo Mail, cursor over the upper right 'gear' > Mail Options > General tab; near the bottom, check the box "Make your Yahoo! Mail more secure with SSL", then tick "Save" near the top.
Your browser should then be accepting the Certificate for "mail.yahoo.com", and whenever you connect to it, there will be the address prefix 'https'. Always look for that.
This step is absolutely critical if you ever use a computer (or any smartphone, tablet, etc.) in a mobile situation, like at a "hot spot" cafe, library, or anywhere really.
And likewise Home units should make the adjustment.
Firefox, with "HTTPS Everywhere", will ensure this connection is always made.
SPECIAL NOTE!
This will not prevent account hijacks ENTIRELY: it only works when you "log in" to Yahoo and go right to mail, then "log out" from Yahoo. If you migrate to other Y! services while logged in, you will be dropped to normal channels and THAT is when your 'session authentication' cookie will be slurped, allowing someone else to log in as you!
------------
Of course, if you use a PC on the 'Net, then nothing is out of the equation, such as keyloggers; and most A-V don't find those anyway. https://www.pcworld.com/article/2017197/report-declares-antivirus-software-a-waste-of-money-for-businesses.html
Best current solution? Use Linux for all Internet facing tasks. Keep your PC safely sequestered.
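
The cookie exposure described in the SPECIAL NOTE above, as an added example that is not part of the original post: it models which cookies a browser attaches when a logged-in user moves from HTTPS mail to a plain-HTTP service on the same parent domain. The cookie names, values and the host `other-service.yahoo.com` are constructed for illustration, and path matching is ignored.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie headers (not captured from Yahoo); names are hypothetical.
LOGIN_RESPONSE_COOKIES = [
    "session_auth=abc123; Domain=.yahoo.com; Path=/; HttpOnly",
    "mail_view=compact; Domain=mail.yahoo.com; Path=/; Secure",
    "session_auth_s=def456; Domain=.yahoo.com; Path=/; Secure; HttpOnly",
]

def domain_matches(host, cookie_domain):
    """Domain match: the host equals cookie_domain or is a subdomain of it."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def cookies_sent(set_cookie_headers, url):
    """Return the names of cookies a browser would attach to a request for url."""
    parts = urlsplit(url)
    sent = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if not domain_matches(parts.hostname, morsel["domain"]):
                continue
            if morsel["secure"] and parts.scheme != "https":
                continue  # Secure cookies are never sent over plain HTTP
            sent.append(name)
    return sent

def exposed_in_cleartext(set_cookie_headers, url):
    """Cookies readable by anyone on the same network when url is plain HTTP."""
    if urlsplit(url).scheme == "https":
        return []
    return cookies_sent(set_cookie_headers, url)

if __name__ == "__main__":
    for url in ("https://mail.yahoo.com/", "http://other-service.yahoo.com/"):
        print(url)
        print("  sent:     ", cookies_sent(LOGIN_RESPONSE_COOKIES, url))
        print("  cleartext:", exposed_in_cleartext(LOGIN_RESPONSE_COOKIES, url))
```

Only the cookie set without the `Secure` attribute on the parent domain crosses the network unencrypted, which is why HTTPS on the mail host alone does not protect the session.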