Scott Dalton, Invision
The Under Armour shop at the new DICKS Sporting Goods store at Baybrook Mall in Friendswood, Texas on Tuesday, October 18, 2016. The store is one of six new locations now open for business in the Houston area. (Photo by Scott Dalton/Invision for DICK'S Sporting Goods/AP Images)

A data breach affected close to 150 million people who use the MyFitnessPal app, Under Armour said on Thursday.

Investigators said that about 150 million accounts were affected by the people’s usernames, email addresses and passwords may have been stolen in the breach.

However, Under Armour said that payment information has not been affected since Under Armour processes the payments separately from the app.

Under Armour also doesn’t collect any government information, like Social Security numbers or driver’s license information.

“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” Under Armour said in a statement. “The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”

The company first became aware of the data breach on March 25 after it noticed hackers broke into the system in February.

Under Armour has already notified individuals about the breach as it continues its investigation.

Under Armour acquired MyFitnessPal back in 2015 for $475 million. At the time, only 80 million people used the app, according to The Verge.

The app rose in popularity at the same time as fitness trackers, like FitBits and Apple Watches, many of which can connect with the app.

Shares for the company dropped 3.8 percent after the company announced that its data had been breached, according to CNBC.

1 comment on this story

Security researcher Troy Hunt told BBC News that Under Armour didn’t mishandle how it released information about the breach.

Hunt said Under Armour handled the breach better than Equifax and Uber, two companies that also had to release information about data breaches in the past.

“In many ways, this is just another day on the internet: a large online asset suffers a data breach and millions of usernames and passwords get leaked,” he told BBC News. "To its credit, Under Armour appears to have made an announcement on this within four days, and its method of password storage is quite robust.”