The user names, encrypted passwords and email addresses of at least 150m subscribers to the app, owned by US firm Under Armour, were stolen in February, the company said in a statement.
Under Armour only discovered the breach this week and quickly moved to reassure customers, announcing that it was investigating the incident.
"On 25 March 2018, we became aware that during February of this year an unauthorised party acquired data associated with MyFitnessPal user accounts," chief digital officer Paul Fipps wrote in an email to customers.
"The affected information included usernames, email addresses, and hashed passwords - the majority with the hashing function called bcrypt used to secure passwords.
"Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are co-ordinating with law enforcement authorities."
No credit card details or financial data were taken, however, and the company has been applauded for its quick response by security experts.
MyFitnessPal tracks subscribers' calorie counts and gym routines - leaving many understandably anxious that their highly personal information could be made available online.
Under Armour bought MyFitnessPal in 2015 for $475m (£338m) and has since more than doubled its subscriber-base from 80m.
Shares in the company fell by four per cent after it made news of the breach public.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies