Under Armour is urging users of its fitness and nutrition app, My Fitness Pal, to change their passwords after hackers stole the data of around 150 million users.
The sports brand said it has involved law enforcement, and is investigating the source of the hack.
My Fitness Pal allows users to track their food intake and exercise daily. Information breached includes usernames, email addresses and passwords - but does not include any government ID or payment details.
The leak comes less than two months ahead of the implementation of the General Data Protection Regulation (GDPR) in the EU. Under this new law, international brands with user data in the EU will face fines for cyber security breaches, which will clock in at either 4% of their turnover or €20m (£18m) – whichever is higher.
Also coming in the midst of Facebook's Cambridge Analytica data crisis, the breach is thought to be the largest this year and one of the top five data breaches to date according to risk management consultancy SecurityScorecard.
Last year, Yahoo confirmed that around 3bn user accounts were hacked in 2013, in what is believed to have been the most significant breach in history.