U.S. safety and location services firm Life360 has confirmed the compromise of its Bluetooth tracking service subsidiary Tile's customer support platform, resulting in attempted data extortion, reports BleepingComputer.
Information exfiltrated by the unnamed attacker included Tile customers' names, addresses, phone numbers, email addresses, and device identification numbers, but not login credentials, credit card numbers, government-issued ID numbers, and other sensitive data, according to Life360 CEO Chris Hulls.
No additional details regarding the means of compromise or the extent of the incident were provided by Life360. However, such a breach was noted by the threat actor to have involved the exploitation of credentials stolen from a former Tile employee.
Numerous Tile systems, including a tool that facilitates customer discovery via phone numbers and private hash IDs, have been infiltrated using the stolen credentials, allowing the undetected scraping of data from Tile clients, said the hacker in a statement to 404 Media.