According to the company the MyFitnessPal team discovered the breach on March 25 and the culprit had gained unauthorized access to user accounts in February.
Under Armour reported that their investigation revealed that the compromised information includes usernames, email addresses and hashed passwords. Payment card data and government-issued identifiers are unaffected because the company stores that data separately.
UnderArmour notified MyFitnessPal users through email and app notifications on Thursday.
Users of the app are urged to change their passwords immediately. Under Armour said in statement that it is working with data security firms and law enforcement to investigate.