Data belonging to customers of Tile, which makes a small Bluetooth device for tracking objects, has been stolen in a security breach.
Life360, which owns Tile, said a hacker had breached a Tile customer support platform, stealing customer data that includes names, addresses, emails, and phone numbers, as well as Tile tracker IDs. However, precise location data linked to the Tile devices is not thought to have been accessed.
“Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt,” Life360 CEO Chris Hulls wrote in a statement published online on Wednesday.
Hulls said his company received emails “from an unknown actor claiming to possess Tile customer information.” An investigation that was “promptly initiated” into the potential incident “detected unauthorized access to a Tile customer support platform (but not our Tile service platform).”
The CEO added that the exposed data “does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types.”
Hulls said he believes the incident “was limited to the specific Tile customer support data described above and is not more widespread.”
The perpetrator reportedly gained access using login credentials belonging to someone who used to work at Tile, prompting questions about the company’s internal security setup. Screenshots sent by the hacker to 404 Media suggest they gained access to a number of internal tools capable of transferring ownership of a Tile tracker, adding admin accounts, and sending messages to Tile users.
The company is working with law enforcement on the matter, but doesn’t yet appear to have contacted Tile customers to inform them of the breach and advise them of any action to take. That could happen once it has a clearer understanding of the incident.
Life360 acquired Tile in 2021 in a deal worth $205 million.
