More than 150 million user accounts of the popular diet and fitness app MyFitnessPal have been hacked, its owners say.
US sportswear brand Under Armour, the app's owners, said in a statement that it first became aware of the security breach on March 25 and began informing users four days later.
It said the data had been stolen in late February of this year and that email addresses and passwords had been accessed but that payment details were unaffected because they are processed
The Maryland-based company said it was working with data security firms and law enforcement agencies to investigate the breach and urged all users to change their passwords immediately.
Under Armour added: "We do not know the identity of the unauthorised party. Our investigation into this matter is ongoing."
The app allows customers to monitor their calorie intake and measure it against the amount of exercise they are doing using a database of more than two million foods.
It was founded in 2005 by brothers Mike and Albert Lee.
