Hackers can steal passwords and PINs by analysing your brainwave signals, a new study has found.

Researchers from the University of Alabama at Birmingham and the University of California Riverside collected data from electroencephalography (EEG) headsets, which sense the electrical activity inside a person’s brain.

Users who paused a game but left their EEG headset on while checking their password-protected accounts could be vulnerable to hackers, the researchers found.

They asked 12 people to use a physical keyboard to type a series of randomly generated PIN numbers and passwords into a text box while wearing a headset.

After they had entered 200 characters, an algorithm created by the researchers was able to make educated guesses about the PINs with a 43.4 per cent success rate, and six-character passwords with 37.3 per cent accuracy.

“These emerging devices open immense opportunities for everyday users. However, they could also raise significant security and privacy threats as companies work to develop even more advanced brain-computer interface technology,” said Nitesh Saxena, one of the study’s authors.

Facebook is working on mind-reading technologies that would let you type words “directly from your brain”.

It’s an ambitious vision that has caused concern amongst privacy advocates, and the company has refused to confirm or deny if it will use people’s thoughts to sell ads.

"In a genuine assault, a programmer could encourage the preparation step required for the malignant program to be most precise, by asking for that the client enter a predefined set of numbers keeping in mind the end goal to restart the diversion in the wake of stopping it to take a break, like the way CAPTCHA is utilized to confirm clients when signing onto sites," included Saxena.

The researchers have called for EEG headset manufacturers to start disrupting the signals when a user is logging into accounts.