Tile, best known for its small wearable Bluetooth trackers, has confirmed that it suffered a major cyberattack in which an anonymous hacker obtained sensitive data from its customers, including people's names, postal addresses, email addresses, phone numbers and more. .
Parent company Life360 confirmed the breach in a statement, adding that the hacker had tried to extort money from it, but noting that he had plugged the hole that made the breach possible in the first place.
Revealed by 404 Media, the hacker found active login credentials that likely belonged to a former employee, granting them access to the company's systems, where they were able to “initiate access to data, location or application requests from the company.” law”.
Data authenticity confirmed
Life360 is known for its work processing location data requests for police, meaning the hacker was able to search for people by their phone number or a similar identifier, apparently mining “millions” of entries from the service.
The publication obtained a small sample of the stolen data, as well as multiple screenshots, and was able to verify its authenticity. He contacted some of the people whose email addresses were listed in the database and they confirmed that the data was valid.
“Yeah, that would be me,” one person told 404 Media.
Tile told reporters that an “extortionist” contacted the company and claimed to have stolen customer data through a compromised Tile admin account.
“Our investigation found that an unauthorized party used certain administrator credentials to access a Tile customer service platform, but not our Tile service platform,” the company told 404 Media. “Tile's customer service platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or login credentials, location data, or government-issued identification numbers.”
The vulnerable account has since been deactivated, but we don't know what happened to the stolen data and whether the hacker plans to sell it on the black market or not.