The stolen data "may allow the threat actors to identify government employees very quickly," he said.
The FBI has only said its investigating the Yahoo hack, and on Wednesday, the agency didn’t provide any new details.
Yahoo also hasn't mentioned who might have pulled off the intrusion, except to say an "unauthorized third party" was involved.
Still, the recent data breaches at the company highlight the need for the tech industry to constantly be on guard against cyber threats, a security expert said.
“The lesson is clear: no organization is immune to compromise,” said Jeff Hill, director of product management for security provider Prevalent, in an email. “Criminal actors can do significant damage in days and weeks; give them years, and all bets are off."
Sign up for CIO Asia eNewsletters.