Yahoo has said that the September announcement of the 2014 hack didn't hurt traffic to its services.
InfoArmor, which has tracked Group E for three years, doesn't believe that the group perpetrated the hack for a foreign government.
"Espionage has gone digital like so many other things our world", said Steve Grobman, chief technology officer at Intel Security.
Yahoo's stock price has plunged 12 percent to December 16 since the day in September when it revealed the half-billion-account hack.
Both lapses occurred during the reign of Yahoo CEO Marissa Mayer, a once-lauded leader who found herself unable to turn around the company in the four years since her arrival.
If you have an active Yahoo email, chances are pretty good you have already scrambled to make sure your account was not compromised because of the hack.
"Unauthorized third party accessed the company's proprietary code to learn how to forge cookies", Yahoo explained.
New York Attorney General Eric Schneiderman urged anyone with a Yahoo account to change their passwords and security questions and said he is examining the breach's circumstances and the company's disclosures to law enforcement.
Among the initial steps users can do include creating strong passwords, and change them when you have to.
The Yahoo breach should serve as a lesson to users that they can't assume that companies, even large multi-national tech companies, are doing security right, said John Shier, senior security adviser at Sophos. Those worries may be assuaged by the fact the intrusions do not appear to have compromised customers' financial data, and the unlikelihood of a mass defection of users because many customers consider switching email providers tedious.
What Yahoo users can do to secure their account1.
Security experts said the 2013 attack was likely the work of a foreign government fishing for information about specific people.
No court in DE, where Yahoo is incorporated, has ever found that a material adverse effect has occurred that would allow companies to terminate a merger agreement.
"When breaches are of significant size and sophistication, users should err on the side of caution and assume their information has been stolen, and take action to limit the consequences of that information being stolen", said Mr Michael Lee, a security evangelist at RSA Asia-Pacific and Japan.
Meanwhile, it's clear that Yahoo didn't do enough to protect its users.
The two major breaches could put Verizon's Yahoo acquisition in jeopardy.
Yahoo Inc came under renewed scrutiny by federal investigators and lawmakers on Thursday after disclosing the largest known data breach in history, prompting Verizon Communications Inc to demand better terms for its planned purchase of Yahoo's internet business.
Verizon had said it would reevaluate the Yahoo deal after the first hack, and said the same Wednesday after the latest revelation. Spokesman Bob Varettoni declined to answer further questions.
Rose and other security experts advise internet users to set up two-factor authentication - which requires a second data input beyond username and password - on all accounts for which it is available.
"We are confident in Yahoo's value and we continue to work toward integration with Verizon", the company said.
A United States cybersecurity firm claims Yahoo data stolen by hackers three years ago was sold on the dark Web for around $300,000.