Hackers invade the internal tools of the lost property tracker 'Tile' and steal customer data such as phone numbers and addresses, and data processing tools for police are also affected



It turns out that hackers used login credentials believed to belong to a former employee to access internal tools and steal information from the lost item tracker Tile.

Hacker Accesses Internal 'Tile' Tool That Provides Location Data to Cops

https://www.404media.co/email/b2f3b3e8-64a2-4f91-b0b7-8c6220721ecb/



Life360 confirms a hacker stole Tile tracker IDs and customer info - The Verge

https://www.theverge.com/2024/6/12/24176889/tile-life360-customer-data-breach-hacker-extortion

According to 404 Media, hackers gained access to internal tools at Tile and stole a ton of customer data, including names, addresses, email addresses, phone numbers, information about orders and returns, and details of the payment methods used. This included location processing tools that Tile uses in response to requests from law enforcement, but did not include Tile's location data itself.

In response to an investigation by 404 Media, the hacker said that he had 'essentially gained access to all of the information' and that he demanded payment from Tile, but has not received a response.



According to the information shared by the hacker, Tile has internal tools to allow users to transfer ownership of a Tile from one email address to another, create admin users, send push notifications to Tile users, and more, all of which the hacker had access to.

Tile released the following statement regarding this matter:

'Recently, a hacker contacted us claiming to have accessed systems and customer data using administrator credentials leaked from our company. We immediately began investigating this incident. Our investigation determined that certain administrator credentials were used by an unauthorized party to access our Tile customer support platform, but not our Tile services platform. The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not contain more sensitive information, such as credit card numbers, passwords, login information, location information, or government-issued ID numbers.'

'We disabled the credentials and took swift steps designed to prevent future unauthorized access to the Tile customer support platform and associated customer data. At this time, we believe there is no ongoing unauthorized access to the Tile customer support platform.'

in Hardware,   Security, Posted by log1p_kr