Yahoo is now a part of Oath, as most of you know, and the company is now providing notice to additional users that their accounts have been affected by an August 2013 data theft. Having said that, Yahoo actually released some info regarding that back in December last year, and back then, the company said that over 1 billion user accounts have been affected by the security breach, after which the company started notified users they should change their security info on the site. According to some new info released by Oath, it seems like all accounts were affected by that data breach, all 3 billion of them.
Verizon actually acquired Yahoo a while back, and during the whole process, Verizon actually managed to obtain some new info regarding all that, which points to the fact that all accounts were affected, not just a third of them. As already mentioned, Yahoo is now notifying all of those additional users they should change their passwords, and preferably the security questions for retrieving said passwords, all in all, if you've been notified, you should change all the security info on the site. According to the source, the sure account information that was stolen back in 2013 did not include passwords in clear text, payment card data or bank account information, which is good to hear. Oath also says that the company is working closely with law enforcement on this case, in hope of finding out who stole all that info.
Chandra McMahon, Chief Information Security Officer at Verizon, added that Verizon is committed to highest security standards, and that the company is trying to be quite transparent, and keep their users well-informed. She also said that Verizon's investment in Yahoo is actually allowing Yahoo to enhance the security of its services. Yahoo e-mail is still popular with some users it seems, and if you've received a notification from Yahoo to change your security info on the site, you should do it. In case you have not, you probably will soon, but in any case, it would be best that you do it as soon as possible, regardless whether you've received a notification or not, just to be safe.