Safety and location services company Life360 recently revealed that a threat actor had breached a Tile customer support platform and gained access to customer data. The data stolen included names, addresses, email addresses, phone numbers, and device identification numbers of Tile customers.
What Happened in the Tile Data Breach?
According to Life360 CEO Chris Hulls, “Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information.”
The data exposed in the Tile data breach did not include sensitive financial information like credit card numbers or login credentials. It also did not include location data as the customer support platform lacked such information.
Hulls stated “We believe this incident was limited to the specific Tile customer support data described above and is not more widespread.”
While Life360 did not provide specific details about how the breach occurred, 404 Media reported that the hacker had used stolen credentials of a former Tile employee to gain unauthorized access to multiple Tile systems.
The threat actor reportedly had access to tools that could help find Tile customers using phone numbers or private IDs. They could also initiate data access, location, or law enforcement requests using compromised tools. Other tools allowed functions like creating admin users and transferring device ownership.
The hacker was able to scrape customer names, addresses, emails, phone numbers and device IDs by sending millions of requests to a system without detection.
Extortion Attempt on Life360
After obtaining the customer data from the Tile data breach, the threat actor attempted to extort Life360. They sent emails to Life360 claiming to be in possession of the stolen Tile customer information.
Life360 reported the extortion attempt and data breach to law enforcement authorities. The company has also taken steps to secure its systems from future attacks.
It remains unclear whether or not the stolen customer data will be released by the hacker. Such data is often sold on hacking forums or dark web markets by threat actors for financial gain.
The Tile data breach once again underscores the need for companies to beef up security and properly respond to incidents. It also serves as a warning for customers to be vigilant of potential misuse of their personal information.