In a recent report, it has been revealed that a hacker managed to obtain personal information on customers of the popular Bluetooth tracker brand, Tile. The owner of Tile, Life360, confirmed that the stolen data includes names, addresses, email addresses, phone numbers, and Tile device ID numbers. However, it was emphasized by Life360 CEO Chris Hulls that sensitive information such as credit card numbers, passwords, other login credentials, location data of Tile devices, or government-issued ID numbers were not part of the breach.
Chris Hulls addressed the situation in a statement, disclosing that Life360 was targeted in a criminal extortion attempt. The company received emails from an unknown actor claiming to have access to Tile customer information, prompting an immediate investigation. It was discovered that the unauthorized access occurred on a Tile customer support platform, not the main Tile service platform.
Regarding the extent of the stolen data, Hulls clarified that it was limited to customer names, physical and email addresses, and device IDs. He ensured that steps were being taken to enhance the security of systems and that law enforcement was informed about the incident and extortion attempt. Hulls reiterated Life360’s commitment to safeguarding families both online and in real life.
In a concerning development, it was reported by 404 Media that the hacker managed to delve deeper into Tile’s internal tools beyond accessing user data. The intrusion allowed unauthorized access to tools, including one utilized for processing location data requests submitted by law enforcement.
The hacker claimed to have used login credentials purportedly belonging to a former Tile employee to penetrate the customer support systems. Tile confirmed that these credentials were subsequently deactivated. The stolen information also comprised order and return details, as well as the payment methods employed by customers. Additionally, the hacker could access functions enabling ownership transfers of Bluetooth trackers, creation of administrator accounts, and sending push notifications, although they reportedly refrained from utilizing these capabilities.
The incident underscores the constant threat posed by cybercriminals and the importance of robust security measures to safeguard customer information. Companies like Life360 and Tile are now faced with the task of fortifying their systems to prevent future breaches and protect user privacy. As technology continues to advance, the significance of cybersecurity measures cannot be overstated in ensuring the safety of personal data and maintaining trust with consumers.