Life360 has confirmed that its subsidiary Tile has fallen victim to a data breach after a hacker recently gained access to the systems of the maker of Bluetooth-based key finders.
As reported by The Verge, the lone hacker responsible used stolen employee credentials to access Tile customer data including names, addresses, emails and phone numbers.
The story itself was initially revealed by 404 Media which had direct contact with the hacker. According to the conversation the outlet had with the hacker, the now exposed customer information came from a database used to help identify owners of specific Tile trackers.
In a statement, Life360 CEO Chris Hulls has provided further insight on the breach explaining that Tile’s parent company “recently became the victim of a criminal extortion attempt.” Apparently, the hacker emailed the company saying they had Tile customer information in their possession and tried to negotiate a ransom payment for it.
After this, Life360 conducted an investigation which led to it finding that a Tile customer support platform was accessed by an unauthorized person. This is where the customer information was stolen from, but fortunately, sensitive information like credit card numbers, passwords or location data wasn’t stolen as this particular support platform didn’t contain that type of data.
At this time, Life360 believes that the data breach was limited to that specific Tile customer support platform and was not more widespread.
In a statement to Tom's Guide via email, a Life360 spokesperson explained that the support platform is for internal use only and is used as part of a multi-phased process for initiating law enforcement data requests (404 Media initially reported that it was intended for law enforcement). They also explained that "Life360 maintains multiple layers of automated and human-intervention prior to responding to a law enforcement request for Tile user data. We have also challenged the legal sufficiency of warrants where appropriate."
Tile data breach: what to do now
Normally when we report on a data breach, it’s after the company in question has reported what happened to the authorities in the form of a data breach notification letter. In addition to how many customers are affected, these letters often include how the affected company will make things right with its customers.
From providing free access to the best identity theft protection services to offering free credit monitoring, there’s quite a lot a company can do after a data breach to restore trust with its customers. In this case though, it’s still too early to tell and we don’t know whether or not this is a widespread problem or isolated only to a small number of Tile customers.
As such, for the time being, it’s going to be up to you to take the necessary precautions to stay safe from any fallout after this data breach. Since we do know that names, addresses, emails and phone numbers were exposed, other cybercriminals could use this stolen data to launch targeted phishing attacks. For this reason, you need to be extra careful when checking your inbox or even when checking your mailbox in person.
Hackers can send you malicious emails that contain dangerous malware or they could even ship you a USB flash drive with malware pre-installed on it. Fortunately though, they won’t be able to steal your identity as the Social Security numbers of Tile customers weren’t exposed in this breach.
As Tile users ourselves, we will be following this story closely and we’ll keep you updated once we know more.