Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform.
Life360 provides real-time location tracking, crash detection, and emergency roadside assistance services to more than 66 million members worldwide. In December 2021, it acquired Bluetooth tracking service provider Tile in a $205 million deal.
On Wednesday, Life360 revealed that an attacker breached a Tile customer support platform and gained access to names, addresses, email addresses, phone numbers, and device identification numbers.
“Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information,” Life360 CEO Chris Hulls said.
The exposed data “does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types,” Hulls added.
“We believe this incident was limited to the specific Tile customer support data described above and is not more widespread.”
Breached using stolen credentials
Life360 didn’t disclose how the threat actor breached its platform, but the company said that it had taken steps to protect its systems from further attack and reported the extortion attempts to law enforcement.
Furthermore, the company has yet to disclose when the breach was detected or how many customers were impacted by the resulting data breach.
A Tile spokesperson refused to answer any of these questions, saying Tile is “continuing to work with law enforcement” and has “no other updates at this time.”
While Life360 did not provide many details regarding this breach, 404 Media reported on Wednesday that the hacker used what are believed to be the stolen credentials of a former Tile employee to gain access to multiple Tile systems.
The threat actor said that one of the compromised tools helps find Tile customers based on their phone numbers or private hash IDs and “initiate data access, location, or law enforcement requests,” while others presumably allowed creating admin users, pushing alerts to Tile users, and transferring Tile device ownership.
However, the attacker scraped Tile customer names, addresses, email addresses, phone numbers, and device identification numbers using a different system by sending millions of requests without being detected.
At the moment, it is uncertain whether the threat actor will release the scraped data. However, this type of data is commonly sold on hacking forums and dark web markets or released for free in an effort to boost the threat actor’s reputation.