I don't use to much yahoo email, but just got some message about this when I opened one mail today.

This is a new record, 500-million accounts, and it's not a nice record to hold.

I'm also shocked that it has taken so long to come clean about this as it's gone back to 2014. Did they not know it had happened, and if they did, why was it not revealed.

That's a horrendous record to hold. I am also amazed at just how long it has taken for users to be made aware, surely some users will already know? Are Yahoo! telling us that the data was stolen 2 years ago, yet was never used to try and gain access to an account?

Mack.

I thought the data leak from Yahoo was common knowledge. Is this a different one?

I've been getting spam emails from Yahoo accounts for over a year. They are all the same format 'Hi Vordmeister then a link'. They have at least my friends' email addresses and their full names, also my email address and my name presumably from their address books.

Yes, it's been known for a while, and that's the point, Yahoo didn't seem to come clean about it. Additionally, it was as many as half a billion records.

While I can imagine a variety of doomsday scenarios, it is highly unlikely any of them will bare fruit. Put simply, I don't get the fuss about this. It sux, but for the vast majority of the yahoo mail owners, this will not impact their life in any way shape or form. I will be surprised if ANY user will be affected in any way from this leak.

I don't see how strongly these leaked passwords were protected. With a database this large you'll have people working to crack them. Even without the passwords they got the full name, e-mail and secret questions. You'd be surprised what can be done with that sort of information.

I will be surprised if ANY user will be affected in any way from this leak.

I'd have to respectfully disagree. This is a huge issue. It's a huge boon to the penetration testing community and hackers alike. For the users it's not just a matter of resetting their passwords and moving on. This information being available on the open market could jeopardize millions of accounts, not just at Yahoo, but all over the internet.

Remember the Mat Honan hack in 2012? [wired.com...]
They took over his entire life by social engineering Apple and then going on to take over the rest of his accounts. Just imagine what sort of social engineering could be undertaken with all of the Yahoo info.

It's a giant mistake to brush this under the carpet and continue in your complacent ways. You do so at your own peril.

Yes, even getting access to a live e-mail address is fodder for e-mail spammers, not to mention the possibility of the e-mail being used as a login on other sites.

I can tell you, from experience, the fresh meat alone in this incident is valuable to those wanting to take advantage.

Don't get me wrong. I fully understand what is the meaning to be hacked. My Yahoo mail was hacked back in 2010 and was used as a gateway for spam mail. After two day talks with the support center I managed to retain and somewhat clean my account. But in the end the fault was with me for not taking advantage of the additional security measures offered by Yahoo and other third parties. So in a nutshell, yeah leaking of data is bad, but at the same time with no-brainer security best practices in place, this data is irrelevant. So to worry that people will get hacked because they have bad security is like worrying that people will get scammed over the phone. The problem is on them as much as it is on the provider.

I have a good analogy I teach my clients every time the conversation goes towards the "security mumbo-jumbo". I tell them this:

"If you have a service that offers you to store your 10 oz gold bar on the street, would you believe them? Even if they go in to full lengths explaining their next generation security cameras, personal guards? Of course not. You'd want a vault and you'd want a key that only you and the bank owner can have access to." Same thing with digital security. It is as much responsibility of Yahoo as it is of their users to keep their data safe from harm, because the Interenet is a a big street, with many people walking on it with only one thing in their minds : How can I get this guys' gold bar?!

10 oz gold bar on the street,

Not quite on the street, but in the premises of a business.

Now, if it were a tin-pot Net business with few resources, you'd take your chances. Yahoo is (was) one of the biggest on the Net.

Two factor authentication would not have stopped this, and the theft of credential might not stop at spamming.

According to reports, Yahoo did not take the advice of security experts with the attention and dedication that was deserved.

When Marissa Mayer took over as chief executive of the flailing company in mid-2012, security was one of many problems she inherited. With so many competing priorities, she emphasized creating a cleaner look for services like Yahoo Mail and developing new products over making security improvements, the Yahoo employees said.

The “Paranoids,” the internal name for Yahoo’s security team, often clashed with other parts of the business over security costs. And their requests were often overridden because of concerns that the inconvenience of added protection would make people stop using the company’s products. Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say [nytimes.com]

Data which can be linked to any individual is gold to hackers and spammers. Why the COMPANY announcement took this long might relate to prior negotiations of selling the company "way back when" and other assorted financial concerns. One needs to keep these kind of things in mind when turning over your "data ... and life!" to others on the web. They are about them, not you.