Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform.

Life360 provides real-time location tracking, crash detection, and emergency roadside assistance services to more than 66 million members worldwide. In December 2021, it acquired Bluetooth tracking service provider Tile in a $205 million deal.

On Wednesday, Life360 revealed that an attacker breached a Tile customer support platform and gained access to names, addresses, email addresses, phone numbers, and device identification numbers.

“Similar to many other companies, Life360 recently became the victim of a criminal extortion attempt. We received emails from an unknown actor claiming to possess Tile customer information,” Life360 CEO Chris Hulls said.

The exposed data “does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers, because the Tile customer support platform did not contain these information types,” Hulls added.

“We believe this incident was limited to the specific Tile customer support data described above and is not more widespread.”

Breached using stolen credentials

Life360 did not disclose how the threat actor breached its platform, but the company stated that it had taken steps to protect its systems from further attack and reported the extortion attempts to law enforcement.

Furthermore, the company has yet to reveal when the breach was detected or how many customers were impacted by the resulting data breach.

A Tile spokesperson refused to answer any of these questions, saying Tile is “continuing to work with law enforcement” and has “no other updates at this time.”

While Life360 didn’t provide many details regarding this breach, 404 Media reported on Wednesday that the hacker used what are believed to be the stolen credentials of a former Tile employee to gain access to multiple Tile systems.

The threat actor said that one of the compromised tools helps find Tile customers based on their phone numbers or private hash IDs and “initiate data access, location, or law enforcement requests,” while others presumably allowed creating admin users, pushing alerts to Tile users, and transfer Tile device ownership.

However, the attacker scraped Tile customer names, addresses, email addresses, phone numbers, and device identification numbers using a different system by sending millions of requests without being detected.

At the moment, it’s uncertain whether the threat actor will release the scraped data. However, this type of data is commonly sold on hacking forums and dark web markets or released for free in order to boost the threat actor’s reputation.