There are several possibilities:
1. Those accounts have been compromised. I believe Don's email was through AT&T. I don't know about Clyde's. AT&T and Yahoo use the same mail servers, and are frequently compromised. These email accounts are compromised en masse, so it isn't as if having a secure password would help. Any addresses and emails in any accounts on the compromised server can then be compromised. With a bit of work, the accounts can then be manipulated. Worse, things can be charged to any affiliated accounts. I hope that Don's account has been deleted.
2. Someone probably pulled receiving email addresses from a group email. Since AT&T has no SPF record, anyone can easily spoof any AT&T, Yahoo, SBCGlobal, etc email address. This is a prime reason for avoiding the use of free email addresses.
3. One of the people who used to email both Don and Clyde has gotten a virus. If you put your heads together, you could probably figure out who it is. To avoid this, I used to have people put a gibberish email address in their address book, starting with !!. That puts it as the first entry in the address book. Emails sent out would reject from that email address, and you'd know you were infected. Unfortunately, most mail servers and clients got wise to that, and so did the virus writers.
You already know this, but for other readers, don't click on the links in those emails.