Joining the unending list of companies to fall prey to hacking, Life360 announced on its blog this week that it was the victim of a recent criminal extortion attempt. Location-based service provider Life360, which bought tracking device maker Tile in 2021, revealed that it received emails from a hacker claiming to possess Tile customer data. Life360 investigated their claims and uncovered unauthorized access to a Tile customer support platform.
“The potentially impacted data consists of information such as names, addresses, email addresses, phone numbers, and Tile device identification numbers,” Life360’s CEO Chris Hulls wrote. “It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types.”
Unfortunately, that’s only part of the story. On Wednesday, 404 Media published a much longer piece than the Life360 blog that includes more information about the breach, direct quotes from the hacker responsible, and worrying details about Life360’s response.
According to the report, the hacker in question gained access to more than one of Tile’s internal tools, “including one that processes location data requests for law enforcement.” Other tools the hacker accessed were used to transfer Tile ownership between accounts, create administrative users, and send push notifications to users. The hacker claims they demanded payment from Tile but never received a response.
The hacker sent 404 Media samples of all the data they scraped, which included full names, full addresses, phone numbers, order details, and more. The site verified the data by trying to create accounts using the emails and contacting a few users via their stolen email addresses. 404 sent one user a trove of their own data, and they responded: “Yep, that would be me.”
When 404 Media contacted Tile, the company suggested that it didn’t know what data had been stolen. “Once you supplied us with additional data, we investigated further and determined that it is likely data from the impacted Tile customer support platform,” the company said.