[heroprotagonist]

Well, it is just anecdotal. Feel free to withhold judgement, it is just an anonymous internet comment instead of a detailed report from a thorough study. I'm certainly not giving you my CV. However, I was referring to what I saw of their stance towards their own security, rather than toward the privacy of their customers.

Still, I think the point that there's more for Verizon to worry about from Yahoo than the direct impact of the exposed customer data is a valid one. Failure to discover (if we believe them), or at least a failure to disclose, a breach for close to two years, does not speak well for them. Maybe this breach was only possible during some temporary time period two years ago, but it's also possible that whatever allowed the breach was open for a long time, allowing further opportunity to exploit other services on their network. The claim that it was possibly a 'state actor' either means they don't know and are covering their incompetence, or it was a fairly advanced threat that could potentially still be in place or even have expanded its footprint since 2014.