Yahoo on Friday faced pointed questions about exactly when it learned about a cyberattack that exposed the email credentials of 500 million users, a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover by Verizon Inc.

The internet company has so far not provided a clear, detailed timeline about when it was made aware of the breach, announced Thursday. Yahoo blamed the incident on a "state-sponsored actor" but has not provided any technical information supporting that claim.

"We don't know a lot. We don't know how the bad guys broke in. We don't know when Yahoo first found out," said Jeremiah Grossman, chief of security strategy for SentinelOne and a former information security officer at Yahoo.