Tile’s parent company Life360 discloses data breach and extortion threat – SiliconANGLE

Life360 Inc., the company that owns the Tile location tracking company, has disclosed that it has recently become a victim of a “criminal extortion attempt” relating to stolen data.

Similarly to Apple Inc. and its AirTag, Tile produces small Bluetooth-enabled devices that help users locate and track items such as keys, wallets and bags. The devices work in conjunction with a mobile app, allowing users to find their lost items through the use of sound alerts or by viewing the last known location of the Tile tracker on a map.

According to Life360, the company received emails from an unknown actor claiming to possess Tile customer information. In response, they initiated an investigation into the potential incident and detected unauthorized access to a Tile customer support platform.

The investigation found that data that could have been potentially stolen included names, addresses, email addresses, phone numbers and Tile device identification numbers. Whoever gained access to the system did not have access to more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers because they were not present on the customer support platform.

“We take this event and the security of customer information seriously,” the company noted. “We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement.”

An unnamed hacker, who claims to be behind the breach, spoke to 404 Media, saying that “basically I had access to everything” and also admitted to demanding payment from Tile but did not receive a response.

The hacker did note that the data stolen did not include the location of Tile Devices and also claimed to have gained access by obtaining login credentials that belonged to a former Tile employee.

It’s unclear whether the hacker plans to release the stolen data, given that Tile didn’t respond or attempt a negotiation. Whether the data is released or not, it’s not a good look for a company that offers tracking devices to have data stolen, even if it wasn’t specific tracking data.

Image: Tile