Under Armour on Thursday announced that over 150 million customers using MyFitnessPal, its nutrition tracking app, were hit by a data breach in late February, earlier this year.
According to Under Armour, they discovered the breach earlier this week and said that an “unauthorised party” had acquired this data. Once they were aware of the breach, they took steps to alert the users using in-app messages as well as email.
They are currently working with data security firms and coordinating with law enforcement authorities to get to the bottom of the breach.
"The investigation indicates that the affected information included usernames, email addresses, and hashed passwords—the majority with the hashing function called bcrypt used to secure passwords," the company said in a statement.
Under Armour said that the attackers would not have been able to access information such as users' Social Security numbers and driver's license numbers, or payment information, in the breach but usernames, email addresses, and password data were taken.
The company is now urging MyFitnessPal users to change their passwords immediately, along with reviewing any suspicious activity in their account. It has also warned its users to be cautious of any emails or unsolicited messages in light of the breach, and to not give away personal data.
The app lets people track their calorie intake, diet, and exercise routines, and was acquired by Under Armour in 2015 for $475 million.