At least 150 million accounts have been compromised when an “unauthorised party” tapped into user accounts during February, an email to subscribers read. The company says it does not know who stole the data and the “investigation is ongoing”.

“On March 25, 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts,” the email, from Chief Digital Officer Paul Fipps, read.

“The affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function called bcrypt used to secure passwords.”

Financial information including credit card details were not compromised, along with government-issued identifiers including driver’s license numbers. Payment card data was not affected because it is collected and processed separately, the company said.

“Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are co-ordinating with law enforcement authorities.”

The company has urged users to change their password immediately and to be aware of “suspicious activity”.

The company recommended users “be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data” and “avoid clicking on links or downloading attachments from suspicious emails”.

MyFitnessPal, a mobile app which tracks user’s diet and fitness activity, was acquired by Under Armour in 2015 for US$475 million. At the time MyFitnessPal had 80 million users and has more than doubled since.

Stocks in the company have dropped at least 4 per cent since the announcement.

— You can change your password by logging into the full site while mobile app users should log in using the same username and password they use in the app. Once you’ve logged in, click the “My Home” tab, then “Settings,” then “Change Password.”