I had a Yahoo account entirely to use a Yahoo email list; I used to have it for Yahoo chat, but I haven't used that in years.

So I ignored the hack a few months ago. I also never got notified that I was vulnerable.

Just now I tried to log in to see if my password had been invalidated. Nope. It was my old insecure "pattern-based" password (myprefixYAHOO) that I use nowhere any more. Probably short enough to have brute forced with MD5 in a few minutes at most.

And yet...no spam sent from my account. No spam in my account (except some kind of announcement from "Aabaco, the new name of Yahoo Small Business" from a year ago. Just some of the mail from the email list that petered out over two years ago as the list transitioned into a Meetup group.

So I guess Yahoo either has considerably more than 1B users, or there were simply so many compromised accounts that they didn't bother trying to use all of them to send spam.

Changed the password just now to something secure "just because", but it's hard to care.

It's more that there's more then 1B accounts out there - remember that this isn't just "yahoo.com" that got affected, it's Yahoo, YMail, RocketMail, yahoo.co.jp (a HUGE community btw), and several others which all fall under the "Yahoo accounts" umbrella. Not every account was hacked by any means; terrifyingly, the number of accounts isn't nearly what you'd expect as a percentage of "Yahoo accounts".

Yahoo! Japan is separate from Yahoo! "worldwide". They actually run separate parallel infrastructure for many things, so I highly doubt YJP was part of the one billion accounts.

Makes me wonder what service or other sub-section of Yahoo actually got hacked, then. Doesn't seem to say in the article.