Under Armour announced on Thursday that the breach affected an estimated 150 million users of its food and nutrition application, MyFitnessPal.
The investigation indicates that affected information may include usernames, email addresses, and hashed passwords.
Payment information, which Under Armour collects and processes separately, has not been affected by the breach. Under Armour does not collect government identifiers, like social security numbers and driver’s license numbers.
Under Armour first became aware of a potential breach on March 25, when company discovered an unauthorized party had accessed MyFitnessPal user data in February. Under Armour took steps to notify affected users, and is now is working with data security firms and law enforcement to assist in its investigation.