Encrypted information has been accessed during a data breach at the password management service, OneLogin.
It affects "all customers served by our US data centre" and perpetrators had "the ability to decrypt encrypted data", according to The Register.
Those affected have been advised to visit a registration-only support page, outlining the steps they need to take.
Security experts said the breach was "embarrassing" and showed every company was open to attack.
OneLogin is a single sign-on service, allowing users to access multiple apps and sites with just one password.
In 2013, the company had 700 business customers and passed 12 million licensed users.