SAN FRANCISCO — More than a day after RSA security posted an “urgent” alert warning that a sophisticated intruder might be able to initiate a “broad attack” on a password device used by millions of customers, the announcement and its meaning remain shrouded in mystery.

RSA, a division of the data management company EMC Corporation, will not say how its system was compromised and what specific kinds of threats its customers are facing. But from its extremely limited disclosure on Thursday afternoon about what might have been taken, customers and computer security specialists are scratching their heads about what the risks may actually be.

There was wide bewilderment about the company’s claim that the intruder was “extremely sophisticated,” as it suggested that one of the nation’s premier security firms had no better security than dozens of companies that have fallen victim to a computer break-in that deceives employees and exploits unknown software vulnerabilities.

On Friday, a spokesman for RSA said it was briefing its customers individually but added that its executives were declining to speak publicly about the breach.