US stock broking firm TD Ameritrade has revealed a breach to one of its databases resulting in the theft of user data.

The company confirmed that, while online account numbers and passwords were not compromised, customer names, email addresses and phone numbers had all been stolen.

The database also contains Social Security numbers, although TD Ameritrade claimed that there is no evidence to suggest that the numbers were among the stolen data.

A spokesperson for the company told vnunet.com that the compromised database stored information on all of the company's 6.3 million customer accounts. It is not yet known how many customers were directly affected.

The breach came to light after an investigation into a surge of spam emails sent to TD Ameritrade customers.

The spokesperson confirmed that the spam was stock-related, but could not clarify whether the messages were part of a 'pump-and-dump' operation or served another purpose.

The exact nature of the breach was not disclosed, but TD Ameritrade and security firm ID Analytics, which was hired to help in the investigation, assured users that the breach had been fixed and that measures had been taken to prevent further break-ins.

Dave Marcus, security research and communications manager at McAfee, suggested that the breach was achieved with a mixture of break-in tactics.

"Based on TD Ameritrade's statements the attackers most likely used old-fashioned hacking, social engineering and a cocktail of malicious software, including password stealing Trojans and bots, to pilfer the customer data."