July 17, 2024 at 12:34PM
A threat actor leaked personal data of over 440,000 Life360 customers by exploiting a flaw in the login API. The breach also impacted Trello accounts, and Life360 disclosed an extortion attempt linked to a separate Tile customer support platform breach. The exposed information includes names, addresses, email addresses, and phone numbers, with no indication of more sensitive data being compromised.
Based on the meeting notes, here are the key takeaways:
1. A threat actor, identified by the alias ’emo’, has leaked a database containing personal information of 442,519 Life360 customers. The data includes email addresses, names, and phone numbers which were obtained by exploiting a flaw in the login API.
2. The breach occurred in March 2024. Although Life360 has fixed the API flaw, further investigation is needed to determine the extent of the breach and the impact on affected users.
3. Additionally, the same threat actor leaked over 15 million email addresses associated with Trello accounts, exploiting an unsecured API in January.
4. Life360 also disclosed an extortion attempt after attackers breached a Tile customer support platform, obtaining names, addresses, email addresses, phone numbers, and device identification numbers. However, sensitive information such as credit card numbers and passwords was not compromised.
5. The company provides real-time location tracking, emergency roadside assistance services, and crash detection to over 66 million members worldwide.
These takeaways can help guide next steps and action items to address the data breaches and ensure the security of customer information.