USERS of the popular smartphone app MyFitnessPal woke to unfortunate news after sportswear brand Under Armour announced millions of users were hacked in a significant data breach.

At least 150 million accounts have been compromised when an “unauthorised party” tapped into user accounts during February, an email to subscribers read. The company says it does not know who stole the data and the “investigation is ongoing”.

“On March 25, 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts,” the email, from Chief Digital Officer Paul Fipps, read.

“The affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function called bcrypt used to secure passwords.”

Does any one use MyFitnessPal and received the same email I received? pic.twitter.com/SIpGm8a7xP — Matt Young (@MattYoung) March 29, 2018

We've assembled an FAQ on our website and included a form where you can request more information. https://t.co/YeizxKmbCh — MyFitnessPal Staff (@MFP_Staff) March 30, 2018

Financial information including credit card details were not compromised, along with government-issued identifiers including driver’s license numbers. Payment card data was not affected because it is collected and processed separately, the company said.

“Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are co-ordinating with law enforcement authorities.”

The company has urged users to change their password immediately and to be aware of “suspicious activity”.

Even if they're not part of the breach. Tell your friends and family who use it about the MyFitnessPal incident. Make sure they don't recycle passwords. — Steve Ragan (@SteveD3) March 29, 2018

It’s actually pretty amazing how well @UnderArmour has handled this. A clothing company handled a data breach better than a social media company that profits off of the data it collects. Go figure. — Sam Medeiros (@Sam_Medeiros_) March 30, 2018

The company recommended users “be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data” and “avoid clicking on links or downloading attachments from suspicious emails”.

MyFitnessPal, a mobile app which tracks user’s diet and fitness activity, was acquired by Under Armour in 2015 for US$475 million. At the time MyFitnessPal had 80 million users and has more than doubled since.

Stocks in the company have dropped at least 4 per cent since the announcement.

Why are hackers going after MyFitnessPal? If you want to know about the 43 Oreos I ate this weekend, I will just tell you tbh — Liz Dueweke 🐾 (@LizDueweke) March 29, 2018

What scares me the most about the MyFitnessPal data breach is someone will know exactly how much f*cking pizza I really eat, and the last time I choked down a veggie was 2010. — Jacqui 🍷Is it wine o’clock?🍷 (@heyjacqui_) March 29, 2018

MyFitnessPal just emailed me letting me know they got hacked. Hope someone spent a lot of time and energy breaking into their system to see I'm still not cutting out carbs. — Randi Rankl (@RandiRankl) March 30, 2018

I think it’s fair to say the MyFitnessPal breach totally validates my choice to avoid working out at all cost. — bat (@mzbat) March 30, 2018

— You can change your password by logging into the full site while mobile app users should log in using the same username and password they use in the app. Once you’ve logged in, click the “My Home” tab, then “Settings,” then “Change Password.”