Home Apple Tile Just Had a Security Breach

Tile Just Had a Security Breach

Lost object trackers can be helpful for keeping up with your stuff, and Tile trackers have been one of the most popular options for years. Sadly, like all hardware that interacts with the internet, it can be subject to breaches. Case in point: Tile trackers just suffered a breach, and you’ll want to keep reading if you own one.

A hacker has successfully breached the systems of Life360, the company that makes the Life360 app and also owns Tile trackers, stealing customer data including names, addresses, emails, and phone numbers. According to reports, the hacker exploited a tool used to respond to law enforcement requests. Thankfully, the hacker did not gain access to precise Tile location data, so no one will know where your keys are, but there’s still a lot of sensitive customer data that’s involved in the breach.

Life360, the parent company of Tile, confirmed the breach in a statement by CEO Chris Hulls. Hulls acknowledged the stolen data included Tile tracker IDs and revealed the hacker attempted to extort the company, prompting Life360 to involve law enforcement. While Hulls downplayed the extent of the breach, stating that “very little was accessed,” Life360 has not yet indicated whether affected customers will be notified. The company is continuing to cooperate with law enforcement in their investigation.

The hacker reportedly gained access using login credentials belonging to a former Tile employee, raising concerns about the company’s internal security practices. Screenshots provided to media outlets suggest the hacker had access to various internal tools, including those used to transfer Tile ownership, manage admin accounts, and communicate with users.

In an ideal world, if you’ve been affected by this hack, you should get a notification from Life360 on whether you need to take any action. It’s also not clear if other non-sensitive data that Life360 might have on you has been exposed—we’ve learned that, occasionally and depending on the company, “very little was accessed” can mean some fun credit card fraud. We’d imagine that if you need to do anything such as change passwords, you’ll be notified about it.

Source: The Verge

Source link