Crooks crack customer info at tracking device vendor Tile, issue 'extortion' demands

Who tracks the trackers?

Updated Life360, purveyor of "Tile" Bluetooth tracking devices and developer of associated apps, has revealed it is dealing with a "criminal extortion attempt" after unknown miscreants contacted it with an allegation they had customer data in their possession.

After being contacted by the attackers, Life360 detected unauthorized access to the Tile customer support platform – which contains customers' names, addresses, email addresses, phone numbers and Tile device identification numbers, according to a statement posted by CEO Chris Hulls.

The customer support platform does not, Hulls wrote, store "more sensitive information, such as credit card numbers, passwords or login credentials, location data, or government-issued identification numbers."

While Hulls's statement doesn't provide much detail, it notes that the attackers did not pop the tracking device maker's service platform.

The perps also demanded a ransom, we're told. Hulls didn't specify the amount sought, nor whether Life360 paid up.

A spokesperson declined to answer The Register's questions about the break-in, including how the crook accessed the Tile customer support system and details of the extortion demand.

"We have reported the incident to law enforcement and have no further details to share at this time," the spokesperson said, adding that additional steps have been taken to harden Life360's systems.

It's unclear if the thieves plan to sell or leak the customers' information. Whatever their plans, it's not a good look for a business that claims to "remain committed to keeping families safe online and in the real world," per Hulls' statement.

Tile, and its parent company, have also been sued by stalking victims who claim the tracking tech has "magnified" the danger posed to individuals by ex-partners and others. The class action case, filed in August 2023, accuses the companies of negligence, defective design, unjust enrichment, intrusion and privacy law violations. ®

Updated to add on July 22

This may or may not be connected with the above security breach but a database of 442,519 Life360 users, containing their email addresses, names, and phone numbers, has been leaked online. The records were obtained by abusing a login endpoint service in March.

More about

TIP US OFF

Send us news


Other stories you might like