The hack attack occurred in late February but the company were only made aware of the issue earlier this week.
Social security numbers, driver's license IDs and other government-issued data are also safe, the company said, as that data is not collected by the app.
Under Armour said the app's users along with law enforcement authorities have been notified about the hack, while leading data security firms are still investigating.
The company is also warning users to not fall victims to phishing scams that may leverage the "security breach" to lure users on phishing sites.
Under Armour's revenue only grew 3.1 percent to $4.98 billion last year and operating income declined year over year as the company's struggled in the USA market, the source of more than three quarters of its sales.
Paul Fipps - the chief digital officer for the MyFitnessPal app - said in a statement: "We understand that you value your privacy and we take the protection of your information seriously". We recommend logging into your account to change the password, but use a password manager such as KeePass or LastPass to generate a new password.
Under Armor acquired the nutrition-tracking platform in 2015 for $475 million.
It is thought up to 150 million accounts have been affected.
At present, the company says it is unaware of who may have stolen this data. It is also ramping up its systems that detect and prevent unauthorized access to user information. Avoid clicking on links or downloading attachments from such suspicious emails.