The athletic wear company Under Armour disclosed Thursday that data tied to its fitness app was breached this year, affecting 150 million user accounts. The stolen information included usernames, email addresses and hashed passwords, the company said.
Under Armour said that the breach occurred in February, but the company discovered the hack only last week. Four days later, Under Armour said it began notifying users.
The company said it is continuing to investigate the incident and coordinating with law enforcement and "leading data security firms." It is not yet known who is behind the breach.
Under Armour did not provide any details about how the hackers were able to access the data.
The breach notice recommends that users review their accounts and avoid clicking links from suspicious sources. Users also will be required to change their account password. According to Under Armour, the app does not collect Social Security or driver's license numbers from users, so that information was not exposed. Credit card data was not breached either, the company said, because payment information is collected and processed separately.
The free app, MyFitnessPal, which has a paid option, lets users track the foods they eat over time, with features to log calories and different types of nutrients.
Under Armour declined to comment.
Under Armour's stock dropped more than 2 percent during after-hours trading.