As you mentioned, this breach is from 2013, so no matter how much they've stepped up their infosec game since the last breach the damage was already done.
The delay in them discovering the breach isn't that alarming either. If you didn't have systems in place to detect an intrusion, how do you retroactively find one? Companies usually don't find out until law enforcement contacts them or they accidentally stumble across the backdoor.
So, does Yahoo still have poor infosec? I'd guess so. But this newest breach isn't evidence of that, it only shows how bad their security was in 2013.
The delay in them discovering the breach isn't that alarming either. If you didn't have systems in place to detect an intrusion, how do you retroactively find one? Companies usually don't find out until law enforcement contacts them or they accidentally stumble across the backdoor.
So, does Yahoo still have poor infosec? I'd guess so. But this newest breach isn't evidence of that, it only shows how bad their security was in 2013.