Tracker company Tile hacked — police data provider says it faced "extortion" attempt following breach

Revealed by 404 Media, the hacker found active login credentials that most likely belonged to a former employee, granting them access to the company’s systems, where they were able to “initiate data access, location, or law enforcement requests.” 

Data authenticity confirmed

Life360 is known for its work processesing location data requests for the police, meaning the hacker was able to search for people either by their phone number, or a similar identifier - apparently scraping the service for “millions” of entries. 

The publication obtained a small sample of the stolen data, as well as multiple screenshots, and was able to verify its authenticity. It reached out to some of the people whose email addresses were listed in the database, and they confirmed the data was valid. 

“Yep, that would be me,” one person told 404 Media. 

Tile told the press that an “extortionist” contacted the company, claiming to have stolen customer data via a compromised Tile admin account. 

“Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform,” the company told 404 Media. “The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers.”

The vulnerable account has since been disabled, but we don’t know what happened to the stolen data and whether the hacker plans on selling it on the black market or not.

More from TechRadar Pro

• There are no insignificant breaches: Why all compromised data matters
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now