Hackers Access Tile’s Internal Tracking Tools, Customer Data
Tile, known for its Bluetooth tracking devices, was recently hacked, according to a report from 404 Media. A hacker was able to gain access to Tile’s internal tools that are used for processing location data requests for law enforcement officers, and that gave the hacker customer names, addresses, email addresses, and phone numbers.
Data breaches are not uncommon these days, but Tile was not forthcoming about the attack and did not mention it until being contacted by 404 Media. The site learned about the breach from the hacker. Tile parent company Life360 published a statement about the attack on its website after being prompted to do so by 404 Media.
Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information. We promptly initiated an investigation into the potential incident and detected unauthorized access to a Tile customer support platform (but not our Tile service platform). The potentially impacted data consists of information such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types.
We believe this incident was limited to the specific Tile customer support data described above and is not more widespread. We take this event and the security of customer information seriously. We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement. We remain committed to keeping families safe online and in the real world.
While no location information was obtained, the incident is alarming because of the nature of the tool that the hacker was able to access. The hacker was able to get into Tile’s system using credentials from a former Tile employee, and was able to get into a tool that could be used to look up Tile customers by phone number. Part of that tool allowed for searching location history.
Tile told 404 Media that the hacker would not have been able to access location data from the platform that was attacked, but did not confirm whether the hacker had the appropriate authentication to perform a location request once the internal tool was accessed.
Tile is one of Apple’s main competitors in the item tracking space, with Tile’s trackers available as an alternative to Apple’s AirTags.
This article, “Hackers Access Tile’s Internal Tracking Tools, Customer Data” first appeared on MacRumors.com
Discuss this article in our forums