I just logged into some alt accounts and Yahoo forced me to update the password after login.
Also, if you had set up security questions/answers, disable them in your account settings. That information was unencrypted and is therefore compromised. Hope you didn't use those same questions/answers for other sites.
And, yeah, 2-factor set up on all accounts.