Diet and fitness tracking app MyFitnessPal experienced an unauthorised data breach in February, which they became aware of on March 25.
While they do not know who the unauthorised party is, an investigation is underway.
The information affected by the data breach includes usernames, email addresses, and hashed passwords.
Payment card data is collected and processed separately, though, so it was not affected.
Under Armour, who own the popular app, wrote in an email: "Once we became aware, we quickly took steps to determine the nature and scope of the issue.
"We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities."
It is believed that about 150 million accounts have been affected by the breach, BreakingNews.ie reports.
They are taking steps to protect users, including notifying the app's users on how they can protect their data, requiring users to change passwords, continuing to monitor for suspicious activity, and enhancing their systems 'to detect and prevent unauthorised access to user information'.
Paul Fipps, the chief digital officer at MyFitnessPal, stated: "We continue to make enhancements to our systems to detect and prevent unauthorised access to user information.
"We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information."
Under Armour recommended that those who have the app change their password for any other account in which they used the same or similar information they used for MyFitnessPal.
As well, they said that users should review their accounts for suspicious activity, be wary of unsolicited communications that ask for personal data or send them to a site asking for personal data, and avoid clicking on links or downloading attachments from suspicious emails.