Auth Lab Community

“Hackers breach Tile internal tools, potentially exposing data of millions of users”

Massive Data Breach at Tile Exposes User Information and Triggers Ransom Demand

In a recent data breach incident, one of the leading Bluetooth location tracking device suppliers, Tile, had the personal information of millions of its users potentially exposed, sparking a ransom demand.

According to a report from 404 Media, hackers used stolen credentials from a former Tile employee to access internal tools within the company and breached multiple Tile systems to steal sensitive data. The systems accessed included tools used to transfer ownership of Tile trackers, create administrator accounts, and send user notifications, as shown in screenshots provided by the hackers.

On June 11, 2024, Tile’s parent company, Life360, specializing in location data, announced that unauthorized access had been detected in their customer support platform. The company stated that Tile became the target of a “criminal extortion attempt” when an unidentified party claimed to have access to Tile customer information.

Upon investigation, it was found that unauthorized access had occurred on the Tile customer support platform but not on the Tile service platform. The company assured users that no financial data, passwords, or location information had been compromised, as these were never stored on the platform, but sensitive data such as names, physical addresses, email addresses, phone numbers, and Tile device identification codes could have been exposed.

CEO Chris Hulls of Life360 stated, “We believe that this incident is limited to the specific Tile customer support data described above and does not have broader applicability.” He reiterated the company’s commitment to protecting customer information and taking measures to safeguard their systems from malicious actors.

It is important to note that the news release does not apply to users outside the United States, as depicted in screenshots provided.

The company has reported the incident and extortion attempt to law enforcement. However, this event highlights the vulnerability of user location tracking companies and how they have become targets for hackers.

With email addresses exposed, Tile users are advised to beware of phishing attempts, remain vigilant against requests for personal information or login credentials via email, and monitor their Tile accounts and bank accounts for suspicious activity.

Piyush Pandey, CEO of identity and access security provider Pathlock, commented on the data breach, pointing out various factors involved, including potential threats from former or disgruntled employees and a lack of security protocols.

“In this scenario, access permissions appear to have been granted using management credentials of a former Tile employee, showcasing a critical aspect of identity security—being able to proactively understand user access and permissions throughout the identity lifecycle of join, move, and leave processes.”

Furthermore, multi-factor authentication could eliminate situations where access depends solely on a username and password. Piyush added, “This vulnerability also underscores the importance of ensuring the security of service account access alongside protecting core business line applications.”

Callie Guenther, Senior Manager of Network Threat Research at Critical Start, emphasized the significant threat intelligence impact following a data breach incident, including targeted extortion, supply chain vulnerabilities, data sensitivity, incident response, and more. Callie recommended taking measures to protect administrator accounts in the aftermath of a data breach.

Reference Source:

Location Tracker Firm Tile Hit by Data Breach, Hackers Access Internal Tools