The incident raised new questions among analysts regarding the viability of that deal and whether the valuation will need to be changed, especially if the hacks trigger litigation against the company.
“This is another major blow,” said Jeff Kagan, a Georgia-based telecommunications industry analyst. “It throws into question what’s really going on at Yahoo. And if you don’t really know what’s going on at Yahoo, does Verizon have the guts to buy a potential bomb? This company could explode with major problems and major losses.”
In the 2013 incident, Yahoo said that credit card and bank account numbers, which are stored separately, were not affected, but the breach did include some unencrypted “security questions” that the company uses to authenticate users.
Yahoo also reported a separate incident Wednesday in which hackers used what the company called “forged cookies” to gain access to some accounts, though it did not give the number. That incident, the company said, appeared to have links to the one announced in September involving “state-sponsored” attackers. Law enforcement officials said that breach, which happened in 2014, was probably the work of Russian hackers, though no final conclusion has been reached.