For the three of you who still use Tile bluetooth trackers, I have bad news for you. The company has been pwned. And while this isn’t as bad as it could have been. It’s pretty bad. Here’s the key details:
A hacker has gained access to internal tools used by the location tracking company Tile, including one that processes location data requests for law enforcement, and stolen a large amount of customer data, such as their names, physical addresses, email addresses, and phone numbers, according to samples of the data and screenshots of the tools obtained by 404 Media.
The stolen data itself does not include the location of Tile devices, which are small pieces of hardware users attach to their keys or other items to monitor remotely. But it is still a significant breach that shows how tools intended for internal use by company workers can be accessed and then leveraged by hackers to collect sensitive data en masse. It also shows that this type of company, one which tracks peoples’ locations, can become a target for hackers.
“Basically I had access to everything,” the hacker told 404 Media in an online chat. The hacker says they also demanded payment from Tile but did not receive a response.
That’s not good. Now the limit of this hack is limited because Tile’s business fell off a cliff the second that Apple AirTags appeared. But if your data is still in Tile’s systems, you have a problem.
Sidebar: It may be too late now, but if you want to delete your Tile account click here.
Anyway, I want to point out how the hacker got in:
The hacker says they obtained login credentials for a Tile system that they believe belonged to a former Tile employee.
That’s bad. Clearly Tile dropped the ball here. And that continued with how they responded to 404 Media. Check this out:
Tile told 404 Media in a statement “Recently, an extortionist contacted us, claiming to have used compromised Tile admin credentials to access a Tile system and customer data. We promptly initiated an investigation into the potential incident. Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform. The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers.”
“We disabled the credentials and took swift action designed to prevent any future unauthorized access to the Tile customer support platform and associated Tile customer data. At this time, we are confident there is no continued unauthorized access to the Tile customer support platform,” the statement continued.
Tile suggested in its statement that it was not aware of what data had been taken until 404 Media shared samples of the data for more verification. “Once you supplied us with additional data, we investigated further and determined that it is likely data from the impacted Tile customer support platform. We thank you for bringing this new information to our attention,” it read.
Tile also published a version of this statement on its website, but only after 404 Media contacted the company for comment and proved to it that the stolen data was accurate.
Tile did not respond directly when asked if the hacker had the required access to perform a location data request.
Clearly Tile is clueless. I am certain that this is not going to be the last of this story. And secondary attacks against Tile customers are sure to come. And the blame for this rests solely with Tile. They and their corporate masters Life360 going forward don’t deserve a cent from you going forward as they clearly don’t have a clue when it comes to keeping your personal data secure. Not that I am shocked by that.
Like this:
Like Loading...
Related
This entry was posted on June 12, 2024 at 8:52 am and is filed under Commentary with tags Tile. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Have Pwned Tile…. And It’s Not Good
For the three of you who still use Tile bluetooth trackers, I have bad news for you. The company has been pwned. And while this isn’t as bad as it could have been. It’s pretty bad. Here’s the key details:
A hacker has gained access to internal tools used by the location tracking company Tile, including one that processes location data requests for law enforcement, and stolen a large amount of customer data, such as their names, physical addresses, email addresses, and phone numbers, according to samples of the data and screenshots of the tools obtained by 404 Media.
The stolen data itself does not include the location of Tile devices, which are small pieces of hardware users attach to their keys or other items to monitor remotely. But it is still a significant breach that shows how tools intended for internal use by company workers can be accessed and then leveraged by hackers to collect sensitive data en masse. It also shows that this type of company, one which tracks peoples’ locations, can become a target for hackers.
“Basically I had access to everything,” the hacker told 404 Media in an online chat. The hacker says they also demanded payment from Tile but did not receive a response.
That’s not good. Now the limit of this hack is limited because Tile’s business fell off a cliff the second that Apple AirTags appeared. But if your data is still in Tile’s systems, you have a problem.
Sidebar: It may be too late now, but if you want to delete your Tile account click here.
Anyway, I want to point out how the hacker got in:
The hacker says they obtained login credentials for a Tile system that they believe belonged to a former Tile employee.
That’s bad. Clearly Tile dropped the ball here. And that continued with how they responded to 404 Media. Check this out:
Tile told 404 Media in a statement “Recently, an extortionist contacted us, claiming to have used compromised Tile admin credentials to access a Tile system and customer data. We promptly initiated an investigation into the potential incident. Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform. The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers.”
“We disabled the credentials and took swift action designed to prevent any future unauthorized access to the Tile customer support platform and associated Tile customer data. At this time, we are confident there is no continued unauthorized access to the Tile customer support platform,” the statement continued.
Tile suggested in its statement that it was not aware of what data had been taken until 404 Media shared samples of the data for more verification. “Once you supplied us with additional data, we investigated further and determined that it is likely data from the impacted Tile customer support platform. We thank you for bringing this new information to our attention,” it read.
Tile also published a version of this statement on its website, but only after 404 Media contacted the company for comment and proved to it that the stolen data was accurate.
Tile did not respond directly when asked if the hacker had the required access to perform a location data request.
Clearly Tile is clueless. I am certain that this is not going to be the last of this story. And secondary attacks against Tile customers are sure to come. And the blame for this rests solely with Tile. They and their corporate masters Life360 going forward don’t deserve a cent from you going forward as they clearly don’t have a clue when it comes to keeping your personal data secure. Not that I am shocked by that.
Share this:
Like this:
Related
This entry was posted on June 12, 2024 at 8:52 am and is filed under Commentary with tags Tile. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.