Hacker breaches Tile's internal systems, compromises customer data

Written on 06/12/2024


The company has since confirmed an extortion attempt.

AI SUMMARY

  • A hacker breached Tile’s customer support platform using the credentials of a former employee.
  • The hacker gained access to internal tools and customer data, such as names, addresses, emails, and phone numbers.
  • Tile confirmed the breach but assured that sensitive data like credit card numbers, passwords, and location data were not accessed.

Hackers have managed to break into the internal systems of Tile, a company known for its tracking devices, and steal sensitive customer information. As reported by 404 Media, the stolen data includes customer names, mailing addresses, email addresses, and phone numbers. However, it is notable that the hackers were unable to identify the location of Tile devices, which are used to track items such as keys and wallets.

The hackers are said to have accessed the system using login information that appears to belong to a former Tile employee. Screenshots provided by the hackers show access to various internal tools, including the ability to transfer ownership of Tile trackers, create administrator accounts, and send notifications to Tile users. The hacker also said that he had demanded a ransom from Tile but had not received a response.

According to the screenshots, one of the compromised tools allows users to request data access, location information, or law enforcement.

Following the report, Tile released a statement to 404 Media, confirming that an extortion attempt had been made and that unauthorized access had been gained using compromised administrative credentials. "Our investigation determined that certain administrative credentials were used by an unauthorized party to access the Tile customer support platform, but not our Tile services platform," Tile said.

The company admitted that it did not initially know the full extent of the breach until the publication provided it with a data sample for review.

Tile responds to security breach
Chris Hulls, CEO of Life360, Tile's parent company, addressed the breach in an official statement, emphasizing that the compromised platform contained limited customer information, excluding sensitive data such as credit card numbers, passwords, location data or government-issued identification numbers.

He further stated: "We have disabled the credentials and taken immediate steps to prevent future unauthorized access to the Tile customer support platform and related Tile customer data. At this time, we are confident that there is no future unauthorized access to the Tile customer support platform."