Under Armour said in a statement that it was notifying users of the application about the breach.
Founded in 2005, MyFitnessPal allows users to track their diet and exercise to determine how many calories they need to eat to meet weight loss goals. The app currently has about 225 million users, according to an Under Armour spokesperson.
The company said it became aware of the breach on March 25, and that the affected data did not include government-issued identifiers, such as Social Security numbers and driver's license numbers. Payment card data was also not affected.
No health information, such as users' weight and what they ate, was breached either, according to a person familiar with the matter who declined to be identified.
The passwords that were acquired were hashed versions of users' original passwords. Hashing transforms a password into another string of characters to make it more secure.
Hashed passwords, however, are still valuable information for hackers, according to Northeastern University Professor Engin Kirda.
"Having the hashes means that attackers can launch offline brute-force guessing attacks against these passwords and potentially crack many of them as users are often notoriously bad in choosing good passwords," Kirda said in a statement to BuzzFeed News.
As a result of the data breach, the company is urging users to change their passwords and be cautious of any suspicious emails or activity.