So it looks like an old Yahoo email address that I haven't used in 5 years was broken into last night. Almost none of the addresses in it were current. But if you did get an email from me advising you to stop smoking, while I agree with the sentiment, I would strongly recommend against clicking on the associated link.
So no real harm, but the interesting thing to me is how the spammer got in. Like I said, I haven't used the account in years, and probably haven't logged into any other yahoo service in many months. I also don't use that username and password for anything else. So I doubt it was any kind of keystroke logging malware. Also, since it is a unique password, it wasn't leaked out from some other website with lax security. That really leaves only two possibilities. They got in through some flaw in Yahoo, which I strongly doubt. Or, more likely, they guessed the password.
The password I used is actually one I would still consider moderately strong. It is 8 characters, not a dictionary word, and includes numbers. No capital letters or symbols, but still, pretty decent. I use passwords of similar strength for pretty much everything else I do log into on a regular basis. So I guess I'm going to have to step up my game. Maybe break down and use some kind of password management service.
Anyway, let this be a fair warning to everyone. I like to think I know what I'm doing in terms of computer security and things like this can still happen to me. Be careful out there.