The Opera browser has a handy feature for synchronizing browsing data across different devices. Unfortunately, some of the passwords and login information used to enable the feature may have been stolen from Opera’s servers.
Opera’s sync service is used by around 1.7 million people each month. Overall, the browser has 350 million users.
The Norwegian firm told its users that someone had gained access to the Opera sync system, and “some of our sync users’ passwords and account information, such as login names, may have been compromised.”
Get Data Sheet, Fortune’s technology newsletter.
As a result, Opera had to reset all the passwords for the feature, meaning users will need to select new ones.
What’s more, it’s also encouraging users to reset passwords for third-party sites that users had plugged into the service—the feature allows people to synchronize login information across devices, so it’s possible that these details were also compromised.
It’s worth noting that Opera claims it’s just being cautious here—it stores the synchronized passwords for third-party sites in encrypted form, and adds extra security (techniques called hashing and salting) for the passwords used to access the whole synchronization platform.
For more on passwords, watch our video.
However, the episode does at the least serve as a reminder of how risky it can be to hold access to a multitude of web services in one cloud-based basket—no matter how convenient the feature may be.
Recently, there has been no shortage of big web services resetting users’ passwords due to breaches or other security scares. Companies that have done so include Dropbox, LinkedIn (lnkd), Facebook (fb), Netflix (nflx) and Twitter (twtr).