Pressure on Yahoo continued to grow after the internet search giant revealed that it was the victim of another huge hacking attack in 2013.
The company’s shares closed down more than 6% on Wall Street on fears that a planned sale to Verizon was in doubt.
Politicians and regulators called for action after Yahoo disclosed on Wednesday that more than one billion user accounts may have been breached.
That followed Yahoo’s disclosure in September of a huge hacking in 2014.
The 2013 breach, uncovered while cyber security experts and the police were investigating the 2014 attack that hit 500,000 accounts, is the largest data security hack in history.
According to reports in the US, telecommunications giant Verizon, which agreed to buy Yahoo’s core internet business in July for $4.8bn, is now trying to persuade Yahoo to amend the terms of the acquisition agreement to reflect the economic damage from the two hacks.
If Yahoo users and advertisers start deserting the company, that will reduce its value to Verizon.
Asked about the status of the deal, a Yahoo spokesperson said: “We are confident in Yahoo’s value and we continue to work towards integration with Verizon.”
Verizon had already said in October it was reviewing the deal after September’s breach disclosure. The company said on Wednesday that it would “review the impact of this new development before reaching any final conclusions” about whether to proceed.
Meanwhile, Democratic Senator Mark Warner said he was looking into Yahoo’s cyber security practices.
“This most-recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defences have been so weak as to have compromised over a billion users,” he said in a statement.
Mr Warner, who will become the top Democrat on the Senate Intelligence Committee next year, described the hacks as “deeply troubling”.
New York Attorney General Eric Schneiderman urged anyone with a Yahoo account to change their passwords and security questions, and said he is examining the breach’s circumstances and the company’s disclosures to the legal authorities.
Germany’s cyber security authority, the Federal Office for Information Security (BSI), advised German consumers to consider switching to safer alternatives for email, and criticised Yahoo for failing to adopt modern encryption techniques to protect users’ personal data.
“Considering the repeated cases of data theft, users should look more closely at which services they want to use in the future and security should play a part in that decision,” BSI President Arne Schoenbohm said in a statement.
The latest breach drew widespread criticism from security experts, several advising consumers to close their Yahoo accounts.
“Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo of via a partner like AT&T, get rid of it,” said Stu Sjouwerman, chief executive of cyber security firm KnowBe4
All copyrights for this article are reserved to bbc business