Life360 Details

    Organization Logo

    Life360

    San Francisco, California300 employees • Technology

    https://www.life360.com
    United States

    Industry

    Technology

    Security Incidents

    1

    Life360 Inc. is a location-based services company that aims to provide safety and peace of mind for families. Founded in 2008 by Chris Hulls and Alex Haro, the company's core product is a mobile application which enables users to share their location with family members, set up geo-fenced alerts, and communicate efficiently within the app. The app also offers driving analysis, roadside assistance, and emergency dispatch services among other family safety tools.

    Over the years, Life360 has expanded its functionality to include various safety and security features, becoming a comprehensive solu...
    Show more

    Security Incidents

    Life360 Breach of Jul 2024
    Severity Score
    Significant to High

    Type

    Data Breach

    Summary

    In March 2024, Life360 experienced a data breach when a threat actor, using the alias 'emo,' exploited a flaw in the login API. This vulnerability allowed emo to access personal information of 442,519 customers, including email addresses, names, and phone numbers. This sensitive data was retrieved through an unsecured API endpoint that facilitated the verification of user details during the login process on Android devices. Life360 has since corrected the API flaw, ensuring that any additional requests now return a placeholder phone number.

    Additionally, Life360 disclosed another incident whe...
    Show more

    Severity

    The recent cybersecurity incidents involving Life360 and Tile were significant. A threat actor exploited a flaw in Life360's login API to leak personal information of 442,519 users, including email addresses, names, and phone numbers. Additionally, a separate breach targeted Tile's customer support platform, compromising sensitive data, such as names, addresses, emails, and device IDs, further exacerbated when 15 million email addresses associated with Trello accounts were leaked due to another unsecured API.

    The sophistication of these attacks, the large number of affected users, and the pot...
    Show more

    Impact

    The recent cyber security incidents involving Life360 and Tile were multifaceted and concerning. A vulnerability in Life360's login API led to the exposure of personal information, including names, email addresses, and phone numbers of over 442,519 customers. The flaw allowed anyone with basic technical skills to verify and collect this data, although Life360 has since fixed the issue.

    Additionally, attackers breached a Tile customer support platform, leading to an extortion attempt. The breach exposed sensitive data such as names, addresses, email addresses, phone numbers, and device identif...
    Show more

    KEEP YOUR ENVIRONMENT SECURE

    Weak credentials are the leading cause of breaches. Beyond Identity can help.

    See MFA exploits in action
    Watch how adversaries exploit companies in quick videos