(Credit: Tile)
Mobile tracker company Tile was hit by a cyberattack that compromised private customer data.
Chris Hulls, CEO of Tile parent company Life 360, confirms that it's dealing with a "criminal extortion attempt" and "the potentially impacted data consists of information such as names, addresses, email addresses, phone numbers, and Tile device identification numbers."
Credit card numbers, passwords and log-in credentials, location data, and government-issued identification numbers are not at risk, Hulls says.
Hackers breached Tile after obtaining credentials that reportedly belonged to a former Tile employee, according to 404Media. The outlet spoke with the hacker and obtained screenshots of the tools they exploited, including those that allowed them to send out push notifications, transfer Tile accounts from one email address to another, and create new administrative users.
As 404Media notes, the hackers didn't access the location of existing Tile trackers, but the breach highlights how internal tools can be weaponized to steal sensitive customer data.
This comes shortly after cloud provider Snowflake was hacked, potentially giving scammers access to the data of 165 big-name clients. Both breaches were the result of compromised credentials; in Snowflake's case, it was hit by a group known as UNC5537. Google’s Mandiant security arms says that “every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials.”
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
