Suspicious activity ?

Link or no link, it's suspicious for Cox to have sent instructions to a Yahoo account.

not if cox email is backup for yahoo, like i use.

for lost yahoo pw, i can get a text message or cox email.

Which account do you think was "breached:"  Cox or Yahoo?  I thought it was Cox.  Does Cox require an alternate address?  I know Yahoo does.

If I have a Cox email account and the only warning from Cox is sent to another email account, I'd think something was phishy.

I'd log into my Cox account via bookmark not via provided link...if provided...and if there is no other warnings within my Cox account, it'd confirm something was phishy.

If Cox wanted me to change my password, Cox would have forced me to change my password on their login page while I was confirming potential phishiness.

i'm not sure if either one was breached.

i can't say that i've ever had an email to yahoo about my account, so i'm re-thinking my 1st statement.

nope, you don't change the cox pw on login page, only when logged into email/settings/change pw..

last fall i got a several emails from cox saying i had to change my email because of suspicious activity.

i finally figured out that i wasn't changing the pw on all the cell phones & multiple pings with the devices with wrong pw looked like someone was hacking me.

I didn't think anything was breached either...that's why I quoted it.

Yes, you're correct about the normal process to extemporaneously change your Cox password.  However, when Cox did have a breach a few years ago (maybe more), the page forced me to change and then to confirm my new password.  The login page wouldn't allow me to log in until changing.

Yeah, if devices without a Cox-assigned IP address try to access your account(s), Cox probably would suspect something.

Gmail used to persistently hound me about suspicious activities.  I have POP Peeper to check all my accounts and Gmail hated it.  I'd log into Gmail via browser (okay) then my POP Peeper would check for new email (yikes!).  Gmail reported activity from 2 different locations but it was from the same PC with the same IP addresses.  Google has since fixed that flaw.