I can give you tips now. The main premise behind Yahoo ID mining is that people are generally lazy and want a password that can be easily remembered, so when you come up with a list of passwords it is generally common words: enter, password, God, princess, yahoo, 123, qwerty, you get the idea. The programs were also made to automatically try the name as the password, which is also pretty common (login: Twink password: Twink). Not everybody uses words that simple but enough do to make it worth your while to load a list of 10,000 Yahoo names along with 100 or so possible passwords and start your cracker running. By the time you ran through all the combinations you might have 25 to 100 hits.
The key to avoiding these programs is to use a password that isn't worth trying because the odds of hitting an ID are so small it isn't worth the trouble. So while the password asdf can find you a lot of IDs the password or asd1f isn't worth trying because the odds of a hit are so small. The simple addition of a number or random letter into a simple, easy to remember password can save you a lot of grief. If you use a name, common combination of numbers or a word that can be found in a dictionary as a password you're asking for trouble.
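The two guesses described in the post above (the login name reused as the password, and a short list of common words) can be screened for when a password is set. This is an added example, not part of the original post; the function names are hypothetical and the word list is just the handful of words the post mentions, where a real deployment would load a much larger list.

```python
# Added example: reject a new password that either guess from the post would hit.
# COMMON_WORDS holds only the words named in the post (constructed sample list).
COMMON_WORDS = {"enter", "password", "god", "princess", "yahoo", "123", "qwerty", "asdf"}


def screen_password(username, password, common=COMMON_WORDS):
    """Return a list of rejection reasons; an empty list means neither guess hits."""
    reasons = []
    # Compare case-insensitively: "Twink"/"twink" is the same guess to a cracker.
    user = username.strip().casefold()
    candidate = password.casefold()
    if candidate == user:
        reasons.append("password equals login name")
    if candidate in common:
        reasons.append("password is on the common-password list")
    return reasons


def screen_batch(requests, common=COMMON_WORDS):
    """Screen (username, password) pairs; return {username: reasons} for rejects only."""
    rejected = {}
    for username, password in requests:
        reasons = screen_password(username, password, common)
        if reasons:
            rejected[username] = reasons
    return rejected


if __name__ == "__main__":
    # Constructed sign-up requests for illustration.
    sample = [
        ("Twink", "Twink"),      # name reused as password
        ("alice", "QWERTY"),     # common word, different case
        ("bob", "asd1f"),        # the post's modified password: not on the list
    ]
    for name, why in screen_batch(sample).items():
        print(name, "->", "; ".join(why))
```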
I thought the guy used the password recovery process for people who forget their password. They ask lame questions like, where were you born? What high school did you go to? etc. And since she answered those truthfully, he was able to look up the info rather than guess passwords.
I always lie to those questions, so no one could figure mine out.
Thank you. Very informative post and much appreciated.