The massive Yahoo data breach, with a loss of 500 million records, is disturbing enough. But remember that online data is a commodity that many want access to.

According to a story broken by Reuters, US intelligence agencies are among those who want to know what's going on. The report alleges that to comply with a secret government directive, Yahoo searched all income emails of all customers to look for some specific information.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency's demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time. It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Unlike other known cases, Yahoo had to write new software in 2015 to enable the real-time scanning.

Yahoo sent the following statement in answer to a request for comment: "Yahoo is a law abiding company, and complies with the laws of the United States."

In theory, if Yahoo did receive a security directive, it was responding to the laws of the United States. However, there have been cases where companies pushed back, like when Microsoft did not hand over email of a particular customer because it was stored on a server in Europe. Yahoo filed an unsuccessful lawsuit in 2014 in a clash with the National Security Agency over demands for large amounts of data about users.

Reuters says its sources were two former Yahoo employees and that CEO Marissa Mayer was responsible for the decision to comply. Reportedly, former company chief information security officer Alex Stamos quit his job in response.

The rules about how and when the government can obtain information from emails is complex, particularly when the emails are unopened and less than 180 days own.

It's also unknown whether other large providers of email services, such as Google and Microsoft, had also received similar directives.

The situation does raise the question about the inherent security and privacy of such third-party systems. Google has acknowledged scanning all emails to programmatically learn more about users and to better target advertising. Yahoo began similar scanning in 2013, also to enable matching ads to the context of emails.

Aside the concerns about government invasion of privacy, many should consider how much of their personal communications have been and will be turned into grist for someone else's purposes. This can include the most intimate and detailed information someone might communicate.