Verizon has demanded a $1bn cut in the $4.8bn price agreed last month to acquire Yahoo. It comes after a week in which the internet company was battered by revelations that it built an application to bulk-search customer emails on behalf US intelligence.
If true, it would be the first time that such a hefty price has been put on the implications of a security issue, while also demonstrating the importance of companies respecting the privacy of customers.
The application built by Yahoo was used to bulk-scan users' emails for images or evidence of child abuse, but was also ordered to find a 'signature' among users' emails that purportedly uniquely identified a non-US power.
The app was allegedly built in 2015 after the company received a demand from the US government for access to customer emails. It is unclear whether it was contested. Earlier reports suggested that CEO Marissa Mayer decided to comply with the order.
Later reports suggested that it came from the secretive Foreign Intelligence Surveillance Court, which adjudicates on US information security demands from the country's government and secret services.
The lack of clarity from Yahoo has only made matters worse, and its handling of the US intelligence demands in 2015 reportedly led to the departure of the company's chief information security officer, Alex Stamos, although Stamos has declined to comment.
The reports came straight after claims that Yahoo had covered up the full extent of an alleged hack of the company's email systems in 2014. A former executive claimed recently that the hack affected all three billion or so accounts and not the 500 million to which Yahoo has admitted.
It took Yahoo more than 12 hours to come out with a short statement rejecting the claims, which were made in a Reuters report that quoted three former employees of the company.
"The article is misleading. We narrowly interpret every government request for user data to minimise disclosure. The mail scanning described in the article does not exist on our systems," said Yahoo.
However, in a series of tweets, privacy campaigner Christopher Soghoian described the company's curt denial as "carefully worded", and said that Yahoo "has a history of putting out carefully written, deceptive denials when it comes to NSA surveillance".
Media to Yahoo: Did you eat all the cookies? Yahoo *with crumbs and smeared chocolate around mouth*: We do not have any cookies.
October 4, 2016
US telecoms and internet companies are known to have handed over bulk customer data to intelligence agencies, but former government officials and security experts polled by Reuters claimed that they had never heard of a company building its own application to effectively wiretap its own customers.
There are question marks over the legality of the US government demanding bulk data on US citizens' emails, but those laws don't apply to non-citizens.
The demands are likely to have been justified legally under 2008 amendments to the Foreign Intelligence Surveillance Act.
This allows the US government to demand customer data from US phone and internet companies that could help foreign intelligence-gathering under a number of justifications, including fighting terrorism.
Such demands can be contested in the secret Foreign Intelligence Surveillance Court, but the implication is that Mayer decided to comply with the order instead.
"Yahoo is a law abiding company, and complies with the laws of the US," the company said in a brief statement to Reuters.
Google and Microsoft, the company's two main rivals in online email, claimed that they have never received such an order and that they would vigorously contest any such demand.
Microsoft is currently fighting a US government demand for access to a user's email residing on a server in Ireland.
The revelations come as Yahoo is in the throes of a $4.8bn takeover by US telecoms company Verizon.
The disruption caused by the news could affect the course of the acquisition, but Verizon is no stranger to meekly submitting to US government information demands.
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets
IT security? We've heard of it, claim UK local authorities
Researchers claim first in race to manufacture a component able to host Majorana particles