Luke Pollack / Android Authority
TL;DR
- A hacker breached Tile’s customer support platform using the credentials of a former employee.
- The hacker gained access to internal tools and customer data, such as names, addresses, emails, and phone numbers.
- Tile confirmed the breach but assured that sensitive data like credit card numbers, passwords, and location data were not accessed.
A hacker has successfully breached the internal systems of Tile, a company known for its location-tracking devices, and stolen sensitive customer information. As reported by 404 Media, the stolen data includes customer names, physical addresses, email addresses, and phone numbers. Notably, the hacker did not obtain the locations of Tile devices, which are used to track items like keys and wallets.
The hacker reportedly accessed the system using login credentials believed to belong to a former Tile employee. Screenshots provided by the hacker show access to various internal tools, including those for transferring Tile tracker ownership, creating admin accounts, and sending notifications to Tile users. The hacker also mentioned that they demanded a ransom from Tile, which went unanswered.
According to a screenshot, one of the compromised tools allows users to initiate data access, location, or law enforcement requests.
In response to the report, Tile released a statement to 404 Media, confirming that an extortion attempt had occurred and that unauthorized access was gained using compromised admin credentials. “Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform,” Tile stated.
The company acknowledged that it was initially unaware of the full extent of the breach until the publication provided them with data samples for verification.
Tile responds to security breach
Chris Hulls, CEO of Life360, Tile’s parent company, addressed the breach in an official statement, emphasizing that the platform accessed contained limited customer information, excluding sensitive data such as credit card numbers, passwords, location data, or government-issued identification numbers.
He further stated, “We disabled the credentials and took swift action designed to prevent any future unauthorized access to the Tile customer support platform and associated Tile customer data. At this time, we are confident there is no continued unauthorized access to the Tile customer support platform.”
The breach serves as a stark reminder of the importance of robust security measures for companies that handle sensitive user data.