Life360 disclosed that it was the victim of a “criminal extortion” attempt from an unknown hacker who claimed to possess customer data from Life360’s Tile application that lets people attach small trackers to items such as keys, wallets, bikes, soccer bags and suitcases.
In a June 11 statement, Life360 said an investigation detected unauthorized access to a Tile customer support platform. The company said the potentially impacted data consists of information such as names, addresses, email addresses, phone numbers, and Tile device identification numbers.
Life360 was quick to add that the stolen data does not include more sensitive customer information, such as credit card numbers, passwords or log-in info, location data, or government-issued identification numbers because the Tile customer support platform does not contain these information types.
“We have taken and will continue to take steps designed to further protect our systems from bad actors, and we have reported this event and the extortion attempt to law enforcement,” read the statement.
No other details were shared by Life360 as to how its systems were impacted and if the company intended to negotiate a ransom payment.
404 Media reported on June 12 that the hacker said they obtained login credentials for a Tile admin system that the hacker believed belonged to a former Tile employee. Life360 has since disabled the credentials and blocked unauthorized access to its platform.
Piyush Pandey, chief executive officer at Pathlock, said in this case, it appears that access was given using the admin credentials of a former Tile employee, which points to an important tenant of identity security: the ability to have proactive visibility to the access and entitlements of users throughout the joiner, mover, leaver portions of the identity lifecycle.
“It also seems that there was a lack of multi-factor authentication, which may have thwarted access being granted with just a username and password,” said Pandey.
Anne Cutler, cybersecurity evangelist at Keeper Security, added that attackers exploiting compromised credentials to gain access to a Tile customer support platform emphasizes the need for robust cyber defenses. This includes implementing stringent password policies, securing privileged credentials and enforcing least privilege access.
“Admin accounts should only be granted minimal access necessary to their roles, significantly reducing the risk of cybercriminals gaining access to sensitive data and systems if an admin account is compromised,” said Cutler. “To further enhance admin account security, organizations should also prioritize continuous monitoring and auditing of admin activities.”