The investigation has found that the attacker is no longer in Yahoo's network. The internet giant said that it is working with law enforcement.
Early on Thursday Recode reported that Yahoo was set to confirm a major data breach impacting hundreds of millions of users.
Shuman Ghosemajumder, Chief Technology Officer of Shape Security, warns that the shockwaves from the breach could be felt far beyond Yahoo.
"Most stories will focus on Yahoo users, but the damage there appears to have been done months ago, and Yahoo will simply reset all their passwords so no further damage can be done," he said, in a statement emailed to FoxNews.com.
"The real issue now is that these passwords will be used to breach thousands of other websites unrelated to Yahoo."
Cybercriminals, he explained, could use advanced automated tools to discover where users have used those same passwords on other sites. The breach could also impact Yahoo's $4.8 billion sale of its core business to Verizon.
"Merger and acquisition deals always carry some level of risk - companies inherit each other's problems such as pending lawsuits, poorly manufactured products or regulatory violations," explained Steven Grossman, VP of strategy and enablement for cyber security specialist Bay Dynamics, in an email to FoxNews.com. "Cyber-related problems are also on that list, yet, even as more companies continue to fall victim to data breaches, cyber risk is not as high a priority as it should be."