Life360 unveils unauthorized access to Tile customer support platform
Life360, the manufacturer of real-time location tracking device Tile, says it recently became the victim of a criminal extortion attempt.
The company received emails from an unknown threat actor, who claims to have stolen Tile customer information. “We promptly initiated an investigation into the potential incident and detected unauthorized access to a Tile customer support platform,” the firm says in a statement regarding the security incident.
According to Life360, the hacker possibly had access to private customer information, such as names, addresses, email addresses, phone numbers and Tile identification numbers. The Tile customer support platform doesn’t include more sensitive details, like credit card numbers, passwords, login credentials or government-issued identification numbers.
“We believe this incident was limited to the specific Tile customer support data described above and is not more widespread,” Chief Executive Officer (CEO) Chris Hulls says. He points out that the company considers the security and protection of customer information as the highest priority.
“We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement. We remain committed to keeping families safe online and in the real world.”
Hacker claims he had access to ‘everything’
According to 404 Media, the news outlet that first broke the story about the data breach, the hacker also gained access to certain internal Tile tools, including one that processes location data requests for law enforcement.
“Basically I had access to everything,” the hacker told 404 Media in an online chat. The hacker says he also demanded payment from Tile but didn’t receive a response.
The hacker said he gained access to the internal system of Life360 by obtaining login credentials that belonged to a former Tile employee. He claims that he was able to transfer Tile ownership from one email address to another. He could also create administrative users and send push notifications to Tile users. The attacker says he decided not to use these capabilities.
“This is a major breach, but it could have been much more major,” the hacker said to 404 Media.
Your email address will not be published. Required fields are marked