Highlights:

  • The inquiry revealed that names, addresses, phone numbers, email addresses, and Tile device identifying numbers were among the information that might have been compromised.
  • Tile remained silent and made no move to engage in negotiations. It is unclear if the hacker intends to make the stolen data public.

Life360 Inc. declared facing extortion attempt associated with breached data. It is the parent company of Tile, a location-tracking company.

Like Apple Inc. and its AirTag product, Tile manufactures tiny Bluetooth-enabled trackers that assist customers in finding and monitoring objects like wallets, backpacks, and keys. With a smartphone app, the devices enable users to locate misplaced objects by displaying the Tile tracker’s last known location on a map or using sound warnings.

Life360 claims that an unidentified person emailed the firm purporting to have Tile customer information. As a result, they started looking into the possible occurrence and found evidence of illegal access to a Tile customer service platform.

The inquiry revealed that names, addresses, phone numbers, email addresses, and Tile device identifying numbers were among the information that might have been compromised. More private data, such as credit card numbers, passwords or login credentials, location information, and government-issued identification numbers, were not accessible to whoever broke into the system since they were not stored on the customer service platform.

“We take this event and the security of customer information seriously. We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement,” the company stated.

In an interview with leading media house, an anonymous hacker who claims to be the source of the breach stated that “basically I had access to everything” and that he had demanded money from Tile but had not heard back.

Although the hacker acknowledged that the position of Tile devices was not included in the stolen data, he nevertheless claimed to have gotten access by using login credentials that belonged to a former Tile employee.

Given that Tile remained silent and made no move to engage in negotiations, it is unclear if the hacker intends to make the stolen data public. Even if the stolen data wasn’t specifically tracking data, it still doesn’t look good for a corporation that sells tracking devices, whether the information is made public or not.