June 12, 2024 at 12:50PM
Life360, a safety and location services company, was targeted in an extortion attempt after a threat actor breached a Tile customer support platform. Sensitive information, excluding financial and location data, was accessed. Life360 is cooperating with law enforcement and reported the incident. The extent of customer impact is undisclosed, but the hacker likely used stolen credentials.
Key takeaways from the meeting notes:
1. Life360, a safety and location services company, was targeted in an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform.
2. Life360 provides real-time location tracking, crash detection, and emergency roadside assistance services to over 66 million members worldwide and acquired Bluetooth tracking service provider Tile in December 2021 for $205 million.
3. The stolen information includes names, addresses, email addresses, phone numbers, and device identification numbers of Tile customers. However, more sensitive information such as credit card numbers, passwords, log-in credentials, location data, and government-issued identification numbers were not compromised.
4. The attacker used stolen credentials of a former Tile employee to gain access to multiple Tile systems. The breach allowed the attacker to access customer information and perform various activities related to Tile devices.
5. It is unclear when the breach was detected and how many customers were impacted, with Tile declining to provide further details and stating that they are working with law enforcement.
6. There is uncertainty regarding whether the threat actor will release the scraped data, but such information is commonly sold on hacking forums or the dark web to enhance the threat actor’s reputation.