Under Armour has started notifying users of the MyFitnessPal app of a security breach that took place in late February 2018, and during which hackers made off with the personal details of nearly 150 million user accounts.
The company said it only discovered the breach four days ago, on March 25. Under Armour is still investigating the incident together with data security firms.
The hackers made off with usernames, email addresses, and hashed passwords. The passwords were protected with bcrypt, a secure hashing function.
Payment card data was not exposed because it was "collected and processed separately," said Under Armour in a data breach notification sent to the California Office of the Attorney General.
But even if bcrypt is considered a secure password hashing function, Under Armour is now asking all MyFitnessPal users to change their account passwords, just to be on the safe side.
The biggest danger is that MyFitnessPal users might see an increase in spam in the coming days, as the stolen data is not useful besides adding users' emails to spam lists.
The company is also warning users to not fall victims to phishing scams that may leverage the "security breach" to lure users on phishing sites.
Under Armor has also shared a copy of the email affected customers will receive.
MyFitnessPal is an app that helps users track diet and exercise plans. Under Armour acquired MyFitnessPal in February 2015.