A data breach affected close to 150 million people who use the MyFitnessPal app, Under Armour said on Thursday.
Investigators said that about 150 million accounts were affected by the people’s usernames, email addresses and passwords may have been stolen in the breach.
However, Under Armour said that payment information has not been affected since Under Armour processes the payments separately from the app.
Under Armour also doesn’t collect any government information, like Social Security numbers or driver’s license information.
“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging. The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” Under Armour said in a statement. “The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”
The company first became aware of the data breach on March 25 after it noticed hackers broke into the system in February.
Under Armour has already notified individuals about the breach as it continues its investigation.
The app rose in popularity at the same time as fitness trackers, like FitBits and Apple Watches, many of which can connect with the app.
Shares for the company dropped 3.8 percent after the company announced that its data had been breached, according to CNBC.1 comment on this story
Security researcher Troy Hunt told BBC News that Under Armour didn’t mishandle how it released information about the breach.
“In many ways, this is just another day on the internet: a large online asset suffers a data breach and millions of usernames and passwords get leaked,” he told BBC News. "To its credit, Under Armour appears to have made an announcement on this within four days, and its method of password storage is quite robust.”