Yep, every single account login was stolen. Of course, the problem is that there were something like 3 billion of them, so the chances were slim your particular account would be attacked. Mine was supposedly in the data breach, but I only used the account for occasional testing purposes and nothing else. Someone could have broken in and learned almost nothing about me. It is a very high-effort, low-reward endeavor to attack these huge providers. Think of it this way. Almost any crummy thief can easily break into almost any house in seconds using basic tools, but most of us never experience this. Why? Because thieves are usually smart enough to go where they have a good chance of scoring, so they attack targets that are of higher value. Same with most of our email accounts.
Here's the story:
http://money.cnn.com/2017/10/03/tech...nts/index.html