Personal data from 150 million users of the MyFitnessPal dieting app has been compromised in one of the biggest hacks in history.
According to US sportswear brand Under Armour, which owns the app, the stolen data includes user names, email addresses and scrambled passwords. However, payment cards were not affected.
Users have been urged to change their passwords immediately, including those for other accounts where similar information was used on MyFitnessPal.
Maryland-based company Under Armour said in a statement that it first became aware of the security breach - which occurred in late February this year - on March 25 and began to inform users four days later.
The firm is now working with data security firms and law enforcement agencies to investigate the breach.
“We do not know the identity of the unauthorised party. Our investigation into this matter is ongoing,” a spokesperson said, adding that the company was bolstering systems that detect and prevent unauthorised access to user information.
The MyFitnessPal app allows customers to monitor their calorie intake and measure it against the amount of exercise they are doing using a database of more than two million foods. It was founded in 2005 by brothers Mike and Albert Lee before being bought by Under Armour in 2015.
Risk management consultancy SecurityScorecard told Reuters the data breach is the largest this year and one of the top five to date, based on the number of records stolen.
Larger hacks include 3 billion Yahoo accounts compromised in a 2013 incident and credentials for more than 412 million users of adult websites run by California-based FriendFinder Networks Inc in 2016, according to breach notification website LeakedSource.com.