An online food and nutrition website and app said they suffered an unauthorised data breach of their users' information.
MyFitnessPal said it became aware of the issue on March 25, while the actual breach took place in February of this year.
In an email, the company behind the app, Under Armour, said the affected information included usernames, email addresses and hashed passwords.
However, it said this did not include payment card data as it is collected and processed separately.
It said: "The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.
"Under Armour is working with leading data security firms to assist in its investigation, and also coordinating with law enforcement authorities."
It also said it is notifying users to provide information on how they can protect their data, requiring them to change their passwords immediately and monitoring for suspicious activity.
The company added that it does not know the identity of the unauthorised party, and that an investigation is ongoing.
It is thought up to 150 million accounts have been affected.
Chief digital officer at MyFitnessPal, Paul Fipps, said: "We continue to make enhancements to our systems to detect and prevent unauthorised access to user information.
"We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information."