MyFitnessPal confirm user data, including email addresses and encrypted passwords, has been breached
Under Armour, which owns the MyFitnessPal software, said usernames, email addresses and passwords were potentially stolen.
However the company said credit card information was not accessed.
The breach occurred in late February but was only discovered on 25 March.
"The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident,” Under Armour said.
They emailed app users the following statement:
"The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” the firm said.
"The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”
MyFitnessPal is available on both Apple and Android.
Under Armour bought the company in 2015 for $475 million (£338m).
