Tile users’ data exposed after hacker breached internal system – ET CISO
https://etimg.etb2bimg.com/thumb/msid-110955719,imgsize-155478,width-1200,height=765,overlay-etciso/data-breaches/tile-users-data-exposed-after-hacker-breached-internal-system.jpg
Tile, popular for its Bluetooth tracking devices, was recently hacked. According to a 404 media report, a hacker was able to access customer information like names, addresses, mobile numbers and email addresses through the company’s internal tools developed for responding to law enforcement requests about Tile trackers.
How hacker gained access
As per the report, the hacker gained access using login credentials of a former Tile employee. The screenshots provided by the hacker show that they had access to various internal tools, including those designed for transferring the ownership of Tile tracker, creating admin accounts, and sending notifications to users. The hacker also stated that they had also demanded a ransom from Tile.
Tile’s response to the breach
Chris Hulls, CEO of Life360, Tile’s parent company, addressed the breach in an official statement. Here’s what he said:
Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information. We promptly initiated an investigation into the potential incident and detected unauthorized access to a Tile customer support platform (but not our Tile service platform). The potentially impacted data consists of information such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types.
We believe this incident was limited to the specific Tile customer support data described above and is not more widespread. We take this event and the security of customer information seriously. We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement. We remain committed to keeping families safe online and in the real world.