LastPass acknowledges possible data breach

Password management service LastPass has issued a warning after the discovery of a possible security breach.

The company said that it may have experienced a breach which could have led to the loss of 'master passwords', which customers enter to log-in to the LastPass service.

In an alert published on the company's blog, LastPass said that the issue occurred earlier this week, when it noticed suspicious traffic patterns on its servers.

Analysis of the traffic uncovered a second traffic pattern, which could not be accounted for.

While the exact impact of the incident is unknown, the company is treating it as a breach of its password system.

"We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database," LastPass said in the posting.

"We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs."

The incident comes at a time when data breaches and account thefts are dominating headlines in the technology world.

Sony is still struggling to recover from a major security breach which has knocked its PlayStation Network service offline for more than two weeks and led to the company being summoned by Congress.

Security expert Brian Krebs argued that LastPass has done a better job of spotting and handling its security breach than Sony.

"LastPass seems to have done a good job designing a secure service, but it looks like it dropped the ball in testing and hardening its internal infrastructure," Krebs wrote in a blog posting.

"Still, its (apparent) transparency about what happened is a refreshing change from the brand of disclosure practised in the wake of other, much larger breaches of late."