The user account information that was hacked included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
The forensic experts are currently examining certain evidence and activity that indicates an intruder created cookies that could have allowed him to bypass the need for a password to access certain users’ accounts or account information.
However, the firm said that the investigation conducted on the cyber attack indicated that the stolen information did not include unprotected passwords, payment card data, or bank account information.
Yahoo said in the filing: “Payment card data and bank account information are not stored in the system that the investigation found to be affected.
“Based on the investigation to date, we do not have evidence that the state-sponsored actor is currently in or accessing the company’s network.”
The company incurred expenses $1 million related to cyber attack in the quarter ended 30 September 2016.
Regarding the Verizon deal, Yahoo said that it is expected to close in the first quarter of 2017.