It goes without saying that everyone with a Yahoo account should have changed their password and enabled additional layers of authentication by now. As this article details, basically everyone with a Yahoo account has been compromised per the 2013 breach.
https://nakedsecurity.sophos.com/2017/10/04/3-billion-yahoo-accounts-affected-by-2013-breach/