Published: August 10, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
A data breach at Life360, those behind Tile real-time tracking products, was announced by the company in July. With more than 66 million members worldwide, Life360 says the attacker breached customer support services at Tile to access customer data. It’s believed the hacker stole a former Tile employee’s credentials for the cyberattack, demonstrating once again how important it is for everyone to know to keep all credentials under wraps.
Life360’s popular Tile products provide a range of location tracking services for its members, using Bluetooth tracker tiles to locate lost or misplaced items. The hacker accessed Tile customer information used for law enforcement requests about their trackers.
Life365 CEO says an “unknown actor” contacted the company, claiming they have the hijacked information. The CEO says the attacker is extorting the company for the data’s return, with Tile member names, physical and email addresses, phone numbers, and device ID numbers stolen.
The risks associated with abused employee credentials is an ongoing security threat for many organizations. In the wrong hands, account login and other access information gives bad actors an open door to data systems.
With the stolen information likely ending up on underground forums, phishing attacks are expected. Below are a few cyber-smart tips to keep customers, employees, and everyone safer from email phishing.
Sensitive information. If an email asks you to provide personally identifiable information (PII), it’s a phishing red flag.
Urgent action demands. Any push to get a quick response is a hacker scare tactic, hoping you’ll act fast and not stop to think first.
Attachments and links. Attachments can hold malware and links can go to infected or spoofed websites created by hackers to steal information. Always verify with the sender that the email is legitimate before acting on it.
Generic greetings. Emails not using your name, like “dear employee,” “dear customer,” or other non-specific greeting are a phishing red flag.
When in doubt, throw it out. Any email with the slightest suspicion should never be acted on and is better deleted. If you’re an at work, report the email to the IT department for a further look.
In the ongoing investigation, Life360 won’t say how many customers were impacted. But no matter how many end up victimized, there are security takeaways for us all.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments