Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Tracker company Tile hacked — police data provider says it faced "extortion" attempt following breach

Data leak.

Tile, best known for small portable bluetooth trackers, has confirmed suffering a major cyberattack that saw an unnamed hacker obtain sensitive customer data including people’s names, postal addresses, email addresses, phone numbers, and more.

Parent company Life360 confirmed the breach in a statement, adding the hacker had tried to extort it for money, but noting it had plugged the hole that made the breach possible in the first place.

Revealed by 404 Media, the hacker found active login credentials that most likely belonged to a former employee, granting them access to the company’s systems, where they were able to “initiate data access, location, or law enforcement requests.” 

Data authenticity confirmed

Life360 is known for its work processesing location data requests for the police, meaning the hacker was able to search for people either by their phone number, or a similar identifier - apparently scraping the service for “millions” of entries. 

The publication obtained a small sample of the stolen data, as well as multiple screenshots, and was able to verify its authenticity. It reached out to some of the people whose email addresses were listed in the database, and they confirmed the data was valid. 

“Yep, that would be me,” one person told 404 Media. 

Tile told the press that an “extortionist” contacted the company, claiming to have stolen customer data via a compromised Tile admin account. 

“Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform,” the company told 404 Media. “The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers.”

The vulnerable account has since been disabled, but we don’t know what happened to the stolen data and whether the hacker plans on selling it on the black market or not.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.