Sports gear maker Under Armour has reported a data breach of its MyFitnessPal mobile app, affecting some 150 million user accounts.
The Baltimore-based company said it had contacted law enforcement and outside consultants after learning of the breach.
Under Armour said it learned on 25 March of the breach of its MyFitnessPal application, which enables users to track activity and calorie intake using a smartphone.
It said an unauthorised party obtained usernames, email addresses, and "hashed" passwords, which make it harder for a hacker to ascertain.
The hack did not affect social security numbers, drivers’ licences or credit card data, according to the company.
"The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue," it said.
Users were being notified by email and messaging to update settings to protect account information.
The attack is the latest affecting companies with large user bases such as Yahoo, retailer Target and credit reporting agency Equifax.
Under Armour bought MyFitnessPal in 2015 for $475m.
It is part of the company's connected fitness division, whose revenue last year accounted for 1.8 % of Under Armour's $5bn in total sales.