The personal details of around 150 million users of a popular nutrition app were accessed in a breach.
US fitness brand Under Armour, which owns the MyFitnessPal software, said usernames, email addresses and passwords were potentially stolen.
However the company said the passwords were protected by strong encryption.
The breach occurred in late February, but was only discovered on 25 March.
“The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident,” Under Armour said.
MyFitnessPal is an app that helps people track diet and exercise routines.
‘Just another day on the internet’
Leading security researcher Troy Hunt told the BBC the company appeared to handle the breach well.
“In many ways, this is just another day on the internet: a large online asset suffers a data breach and millions of usernames and passwords get leaked,” he said.
“To its credit, Under Armour appears to have made an announcement on this within four days, and its method of password storage is quite robust.”
Mr Hunt said this was a “vast improvement” compared to high profile data breaches suffered by the likes of Equifax and Uber in the past year.
Under Armour said it had been sending messages to users directly if they had been affected by the breach.
“The notice contains recommendations for MyFitnessPal users regarding account security steps they can take to help protect their information,” the firm said.
“The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”