Under Armour said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, sending shares of the athletic apparel maker down 3 percent in after-hours trade.
The stolen data includes account usernames, email addresses and scrambled passwords for the popular MyFitnessPal mobile app and website, Under Armour said in a statement. Social Security numbers, driver license numbers and payment card data were not compromised, it said.
It is the largest data breach this year, based on the number of records compromised and likely to go down as one of the 10 largest to date, according to Alex Heid, chief research officer with SecurityScorecard, which evaluates security risks of companies.
Under Armour said it is working with data security firms and law enforcement, but did not disclose whether its network had been hacked or how the information had been removed from its computer systems.
Company representatives could not be reached to elaborate.
While the breach did not include financial data, large troves of stolen email addresses can be valuable to cyber criminals.
Email addresses retrieved in a 2014 attack that compromised data on some 83 million JPMorgan Chase customers was later used in pump-and-dump schemes to boost stock prices, according to US federal indictments in the case in 2015.
- Bird of the Year competition hacked by fraudulent voter
- Newshub anchor Samantha Hayes' Instagram account hacked
Under Armor said in an alert on its website that it will require MyFitnessPal users to change their passwords, and it urged users to do so immediately.
"We continue to monitor for suspicious activity and to coordinate with law enforcement authorities," the company said, adding that it was bolstering systems that detect and prevent unauthorized access to user information.
Under Armour said it started notifying users of the breach on Thursday, four days after it first learned of the incident.
Under Armour bought MyFitnessPal in 2015 for US$475 million. It is part of the company's connected fitness division, whose revenue last year accounted for 1.8 percent of Under Armour's US$5 billion in total sales.