A brief forensic consideration of the Yahoo Messenger Protocol (YMSG). …
YMSG is an instant messaging protocol for use by Yahoo Messenger and compatible instant messaging clients.
YMSG does not provide encryption. This can be mitigated with client-side encryption.
YMSG does not support Multiple Points of Presence (MPOP). If you log in to a second client — for example, from within the Yahoo Mail chat client — the first client is automatically logged out and is informed that you have signed on from another location. The second client receives no such message.
This provides a tripwire with which to detect someone accessing your account. When finished chatting set your presence to invisible instead of logging out. Leave the computer running. If an attacker enters your account, you will see that you have been logged out with the above message. Depending upon the client, you may be able to log the time of the occurrence.
YMSG on Wikipedia