The database of one billion Yahoo users was reportedly sold on the dark web last year for just $300,000 (around £240,000).
Yahoo this week admitted to the hack, which is unrelated to the breach that saw the information of 500,000 users pilfered back in September 2014, and warned that the credentials of one billion users had potentially been compromised.
Stolen user account information may have included names, email addresses, phone numbers, dates of birth, "hashed" passwords and, in some cases, encrypted or unencrypted security questions and answers.
This data has already been sold, according to Andrew Komarov, chief intelligence officer at InfoArmor, who told Bloomberg that three buyers - including two known spammers and an entity that appeared more interested in espionage - paid about $300,000 (or $0.0003 per account) each for a complete copy of the billion-user database.
Komarov noted that the database is still up for sale, though bids for it have now plummeted as low as $20,000 as Yahoo has forced a password reset.
"The Yahoo hack makes cyber espionage extremely efficient," Komarov said. "Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands.
"The difference of Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge."
Komarov told Bloomberg that more than 150,000 US government and military employees' details were also found in the database, which means that hackers could target those users' accounts to threaten national security.
These accounts reportedly belong to current and former White House staff, congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the US military.
Yahoo said in a statement that it could not Komarov's claims: "The limited InfoArmor data set provided to us by Bloomberg, based on initial analysis, could be associated with the data file provided to us by law enforcement.
"That said, if InfoArmor has a report or more information, Yahoo would want to assess that before further comment," it added.
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display