In its latest SEC filing, Yahoo disclosed that a state-sponsored attacker may have maintained access to user email accounts by forging cookies, an attack method that can be used to bypass password protections.
"Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users' accounts or account information," Yahoo said in a filing with the US Securities and Exchange Commission.
The investigation is also turning to what company employees knew about the breach, and when.
Yahoo was in merger talks with telecommunications giant Verizon, but the deal has been put on hold pending the outcome of the investigation.
Yahoo representatives claim that the breach was organized explicitly to lower its offer price and have warned of possible legal action.
According to company statements, Yahoo users are currently safe from attack.