The personal details of around 150 million users of popular nutrition app MyFitnessPal, owned by sportswear brand Under Armour, have been accessed in a breach.
Over the weekend, Under Armour said usernames, email addresses and passwords were potentially stolen. However the company said the passwords were protected by strong encryption.
Payment information, which Under Armour collects and processes separately, has not been affected, according to the company.
The company is advising MyFitnessPal users to change their password immediately.
The MyFitnessPal website and app lets people track their calorie intake, diet and exercise routines.
Under Armour acquired the platform in 2015 for $475million, when MyFitnessPal had 80 million users.
Since then, it’s more than doubled in size, mainly by embracing a wide range of fitness trackers and wearables, all of which can be connected to the app.
“Four days after learning of the issue, the company began notifying the MyFitnessPal community via email and through in-app messaging,” Under Armour said in a statement.
“The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information. The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”
The event is the largest data breach this year and one of the top five to date, based on the number of records compromised, according to SecurityScorecard.
Larger hacks include 3 billion Yahoo accounts compromised in a 2013 incident and credentials for more than 412 million users of adult websites run by California-based FriendFinder Networks Inc in 2016, according to breach notification website LeakedSource.com.