Another day, another data breach. Bluetooth tracking device company Tile has fallen victim to a mammoth data breach, with cybercriminals stealing sensitive consumer data like names, physical addresses, and phone numbers, and even accessing tools that process location requests made by law enforcement.
In addition to stealing personal data en masse, hackers have also demanded a ransom from Tile’s parent company Life360 via email, contributing to a recent spike in ransomware attacks taking place across the US.
According to the tracking device company, the location of Tile devices and financial information like bank details have not been compromised in the attack. However, if you’re a member of Tile’s millions-strong customer base, we explain everything you need to know about the recent data leak – including what your next steps should be.
450,000 Tile Customers At Risk From Data Breach
The popular Bluetooth tracking device company Tile has become the latest data breach statistic after a hacker recently gained access to its internal system after retrieving login information from a former company employee.
After breaching the server, the cybercriminals took control of a tool used to “initiate data access”, before stealing a large amount of sensitive customer data, including names, phone numbers, physical addresses, email addresses, and more.
🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.
With over 40 million Tile devices currently in circulation – many of which belong to users with a free subscription – the number of people impacted by the data breach is could be in the millions. The bad actor also gained access to an internal tool that processes location data requests for law enforcement, making Tile the latest in a long list of tech companies to be targeted for their data-sharing practices with the police.
Screenshot of Tile’s internal data search tool, sent to 404 from the hacker
According to media publication 404, the hacker “had access to everything” through its access of the internal company tool. However, Chris Hulls, CEO of Tile’s parent company Life360, asserts that the hack was limited to a customer support platform, and sensitive information like “credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers” were not jeopardized.
Hackers Are Also Demanding a Ransom from Tile
Hulls also revealed that the hacker attempted to criminally extort the company, by emailing owner Life360 and demanding money in exchange for the safe return of the information. The CEO explained that the company had reported this event to law enforcement and had taken further steps to protect their systems from bad actors.
“Recently, an extortionist contacted us, claiming to have used compromised Tile admin credentials to access a Tile system and customer data. We promptly initiated an investigation into the potential incident.” – Tile told 404 Media in a statement
As cybercriminals come up with increasingly creative ways to breach company systems, ransomware attacks have consistently surged in the past decade with research from Sophos revealing that 59% of US organizations were hit last year. However, with the hackers also hinting to 404 that Tile was targeted due to its data-sharing practices with law enforcement, it’s likely the cyber extortion could be part of a wider Hacktivism trend, where vigilante hackers go after corporations for political or moral purposes.
Whatever the reasoning behind Tide’s latest cybersecurity mishap, if you’re a Tile customer concerned about what the recent events mean for you, we guide you through what your next steps should be below.
What Tile Owners Can Do to After Hack
Unlike most major companies that have just weathered a cyber attack, Tile hasn’t yet reached out to customers that they believe have been impacted by the breach. The tracking company hasn’t revealed how widespread the problem is either, but to play things safe and minimize the potential fallout we’d recommend assuming you’ve been affected until Tide has officially posted a data breach notification letter.
One way to exercise caution is by being sceptical of potential phishing attacks. With so much personal data being exposed from the attack, Tile customers are currently at more risk of being targeted by cyber gangs that have gained access to their information.
As a result, when sifting through communication platforms like emails, we’d recommend keeping an eye out for suspicious messages with a heightened sense of urgency, spelling, and grammatical issues, and unofficial domain names. With tools like ChatGPT being used increasingly to execute email phishing attacks, combing through messages with a fine comb may be necessary to spot red flags.
It’s also worth regularly checking in on the site haveibeenpwnd.com, which tracks leaked data from data breaches, and is a good way to see if your data is out there in the public domain.
There are lots of other warning signs to look out for to ensure your online safety, however. Learn more about how to spot and avoid email phishing attempts.
