The database of one billion Yahoo users was reportedly sold on the dark web last year for just $300,000 (around £240,000).
Yahoo this week admitted to the hack, which is unrelated to the breach that saw the information of 500,000 users pilfered back in September 2014, and warned that the credentials of one billion users had potentially been compromised.
Stolen user account information may have included names, email addresses, phone numbers, dates of birth, "hashed" passwords and, in some cases, encrypted or unencrypted security questions and answers.
This data has already been sold, according to Andrew Komarov, chief intelligence officer at InfoArmor, who told Bloomberg that three buyers - including two known spammers and an entity that appeared more interested in espionage - paid about $300,000 (or $0.0003 per account) each for a complete copy of the billion-user database.
Komarov noted that the database is still up for sale, though bids for it have now plummeted as low as $20,000 as Yahoo has forced a password reset.
"The Yahoo hack makes cyber espionage extremely efficient," Komarov said. "Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence-gathering in the right hands.
"The difference of Yahoo hack between any other hack is in that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge."
Komarov told Bloomberg that more than 150,000 US government and military employees' details were also found in the database, which means that hackers could target those users' accounts to threaten national security.
These accounts reportedly belong to current and former White House staff, congressmen and their aides, FBI agents, officials at the National Security Agency, the Central Intelligence Agency, the Office of the Director of National Intelligence, and each branch of the US military.
Yahoo said in a statement that it could not Komarov's claims: "The limited InfoArmor data set provided to us by Bloomberg, based on initial analysis, could be associated with the data file provided to us by law enforcement.
"That said, if InfoArmor has a report or more information, Yahoo would want to assess that before further comment," it added.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago