Tile confirms cyberattack, hacker accesses sensitive customer data

Tile, renowned for its portable Bluetooth trackers, has confirmed a significant cyberattack that compromised sensitive customer data. The breach, executed by an unnamed hacker, exposed customers’ names, postal addresses, email addresses, and phone numbers.

Life360, Tile’s parent company, acknowledged the breach in a statement, revealing that the hacker attempted to extort money from the company. The vulnerability exploited in the breach has since been addressed, according to Life360.

The breach was first reported by 404 Media, which disclosed that the hacker had used active login credentials that likely belonged to a former employee. These credentials granted the company’s systems access, enabling the hacker to initiate data access, location, and law enforcement requests.

Life360, known for processing location data requests for law enforcement, indicated that the hacker could search for individuals by phone number or other identifiers, allegedly scraping millions of entries from the service. 404 Media verified the authenticity of the stolen data, contacting several individuals listed in the database who confirmed the validity of their information.

A Tile spokesperson explained that an extortionist had contacted the company, claiming to have stolen customer data through a compromised Tile admin account. “Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform,” the spokesperson stated. The compromised support platform contained limited customer information, excluding more sensitive data such as credit card numbers, passwords, location data, or government-issued identification numbers.

The compromised account has since been disabled, but the fate of the stolen data remains unclear. There is no information on whether the hacker intends to sell the data on the black market.