Sports apparel merchant Under Armour has become the latest victim of a massive digital theft of sensitive information about tens of millions of customers.

The Baltimore company disclosed Thursday that an intruder grabbed the email addresses and login information during a February break-in affecting about 150 million users of its food and nutrition website, MyFitnessPal.

Under Armour says the hacker didn't obtain any payment information, Social Security numbers or driver's license numbers. That means this break-in is unlikely to require credit and debit cards to be replaced or raise the specter of identity theft, as happened with big breaches affecting retailer Target and credit reporting agency Equifax that resulted in the departures of their CEOs

Still, Under Armour says it is requiring all MyFitnessPal users to change their passwords.

Cybersecurity experts say that the passwords are important. Hackers with access to the passwords may be able to break into other accounts used by users. Experts say that users often use the same password for multiple sites.

Affected users may also start to see malicious emails that try to con the user out of their information.

“They'll take you to sites that look like real websites where you're asked to enter your credentials,” says Jeff Bernstein, a cybersecurity expert with Critical Defence.

Bernstein says the apps like MyFitnessPal are easy targets for hackers.

"For the simple reason because applications are where the data resides,” he says. “They've rushed these mobile apps out to the marketplace and haven't done the same due diligence with the mobile apps."

Affected users should change their passwords and also review any of their online accounts for suspicious activity. They should also be wary of any communications asking for personal information.

Bernstein says he expect regulators to come down hard on Under Armour when it comes to penalties. Under Armour says it's working with investigators to find out who did this.