Could life become any more uncomfortable for web company, Yahoo?

Last night’s revelation that the firm had been hacked two years ago, and that private information belonging to 500 million users had been stolen, poses a fresh round of challenges for a business that is already struggling.

And it also raises more questions than it answers.

First, there is the question of how it could possibly be that a hack of this magnitude went unnoticed by the company for quite so long?

For a firm whose lifeblood is user data, it seems stunning not only that security was not strong enough to prevent such an attack, but also that nobody in there copped it.

In fact the company admits it only came to light following a "recent investigation" – in other words when it emerged last month that hacking group Peace was allegedly selling Yahoo user information online.

Why though has it taken six weeks or possibly longer to get to the bottom of the situation, and why have Yahoo users remained in the dark in that interim period?

The extent of the breach also raises questions.

The haul included names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers.

In fact the only positive seems to be that sensitive user financial information such as credit card numbers were not taken.

But why were certain security questions and answers not encrypted – they are a fundamental part of a modern multi-factor authentication system?

The timing of all this could not be worse for Yahoo.

It had agreed a deal in July to sell its internet business to US telecoms giant Verizon for $4.8bn.

But last night's bombshell must surely raise questions about the completion of that deal?

What is particularly startling is that Verizon only learned about the issue in the last two days, and claims to have limited information about it.

If that is accurate, it is an admission that is certain to unsettle Verizon executives and shareholders, raising many questions.

Why did Verizon only become aware of the hack in recent days? Why has it not been told everything? Is there anything else it hasn’t been told? What does this mean for the valuation agreed between the two parties?

Indeed, it is arguably not overstating it to suggest that this event could even undermine the entire Yahoo business model, which is already shaky.

After all, if user data is its lifeblood, then trust is the heartbeat that keeps it coursing through the company’s veins.

For now, Yahoo users have been advised to change their passwords, if they have not already done so since 2014.

But questions too surround this course of action.

Will it prove too late for many users? Has the data breach already been the cause of identity theft, fraud, or the insertion of malware or viruses on users devices?

And if this is the case, then who will be held responsible?

Then there are the questions around Yahoo chief executive Marissa Mayer.

The 41-year-old was brought in four years ago with the sole aim of transforming the ailing fortunes of the once leading internet firm.

Yet, due in part to decisions she made, and others that she inherited, it has not worked out like that.

And although it was not previously clear what she would do once the Verizon takeover was finalised, her future at the company must now be in even greater doubt.

Away from the company itself, the incident also raises questions about who was behind it.

The firm says it has the hallmarks of being state sponsored, with experts pointing the finger at Russia as one possible perpetrator.

But if it really was state sponsored, then what was the motive?

And why was the information for sale on the internet, if the reason was political rather than financial?

In its hey-day Yahoo was a darling of the internet revolution, and became renowned for being responsible for many firsts.

Today, however, its future hangs in the balance as it fights to shake off the repercussions of achieving a first it hoped it never would: Becoming the victim of the largest known data breach in internet history.

Comments welcome via Twitter - @willgoodbody