U.S. sports apparel maker Under Armour said the personal data of about 150 million users of its food and nutrition app and website MyFitnessPal was accessed by an "unauthorized" party in late February.

The company said it first became aware of the breach on Sunday, and began notifying users four days later via email and through in-app messaging.

The Baltimore-based retailer said it was working with authorities and data security firms to assist in the ongoing investigation.

"The investigation indicates that the affected information included user names, email addresses and hashed passwords," the company said in a statement Thursday.

"The affected data did not include government-issued identifiers (such as social security numbers and driver's licence numbers), which the company does not collect from users."

It also said that customers' payment data was not affected, because it collected and processed that information separately.

The company urged users of the program to change their passwords immediately and recommended other security steps that users could take to protect their information.

MyFitnessPal is mobile app acquired by Under Armour in 2015 that lets people track their calorie intake, diet and exercise routines.

Shares of Under Armour fell three per cent in extended trading on the New York Stock Exchange.