Siegrist: We tend to look over traffic logs and look over what's going on with the networks pretty regularly. Anytime we find any outlier, we want to know why. We try to figure out what's pulling the data and moving the bits.

This one stuck out to us as abnormal because it happened at a time we didn't think anyone was working, and it was from machines that wouldn't be transferring a lot of data between each other. Because of that, it made us a little nervous, a little antsy, so we decided to go through the worst-possible potential case, even if we couldn't find any real supporting evidence that anything bad had occurred.

PCW: What do you know right now about what kind of data could have been taken or compromised

Siegrist: With the level and the scale of the transfer, we don't think a lot of data could have been taken--but certainly enough to cover people's usernames and [encrypted] passwords. That would be enough to set up a potential attacker so they could start going through and looking for people with weak master passwords without having to hit our servers. That's really the threat that we're concerned about and why we're handling it the way we are.

We know the machines involved have the users' encrypted blob data as well as the data for their usernames, their , and the for those hashes. Because of that and the size of the data, we don't think more than a couple hundred blobs could have been taken.