Life360 was impacted by a data breach, which they announced in early June. The malicious actors behind the data breach have appeared to target systems associated with Tile, a Life360 subsidiary. Possibly compromised information may include client names, phone numbers, addresses, email addresses and identification numbers for tile devices. 

Security leaders weigh in 

Piyush Pandey, CEO at Pathlock:

“In this instance, it appears that access was given using the admin credentials of a former Tile employee, which points to a key tenant of identity security — the ability to have proactive visibility to the access and entitlements of users throughout the joiner, mover and leaver portions of the identity lifecycle. It also seems that there was a lack of multi-factor authentication, which may have thwarted access being granted with just a username and password. This breach also points to the criticality of securing service account access in addition to the primary line-of-business applications.”

Anne Cutler, Cybersecurity Evangelist at Keeper Security:

“Admin account security must be prioritized by organizations, as evidenced by the recent data breach affecting Life360. Attackers exploiting compromised credentials to gain access to a Tile customer support platform emphasizes the need for robust cyber defenses. This includes implementing stringent password policies, securing privileged credentials and enforcing least privilege access. Admin accounts should only be granted minimal access necessary to their roles, significantly reducing the risk of cybercriminals gaining access to sensitive data and systems if an admin account is compromised. To further enhance admin account security, organizations should also prioritize continuous monitoring and auditing of admin activities. This proactive stance can help organizations detect and swiftly respond to suspicious behavior. 

“Implementing multi-factor authentication (MFA) across all accounts adds a critical second layer of security by requiring multiple forms of authentication to access sensitive systems. Additionally, robust employee education about cybersecurity best practices, including how to recognize phishing attempts and the importance of strong password practices, strengthens the organization’s ability to withstand most breaches. 

“It’s crucial for organizations to understand this isn’t a one-time task but an ongoing effort. Regularly reviewing and updating access permissions based on job roles and responsibilities is essential to protect your organization’s crown jewels from unauthorized access attempts.

“While the data leaked in this breach did not include highly sensitive information such as login credentials or financial details, users may feel violated knowing their personal information and device identification numbers are now in the hands of cybercriminals. All organizations have an inherent obligation to protect their users and their users’ data. When a company is a custodian of personal information, it requires a much higher bar for security and monitoring than other types of organizations. Companies should regularly audit their data inventory to not only ensure compliance, but to also make sure that they are only retaining the sensitive data that is required.”

Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start:

“The data breach involving Life360’s Tile customer support platform highlights significant threat intelligence implications. 

• Targeted extortion: This is when hackers use stolen data to demand a ransom. Example: In the 2020 Garmin ransomware attack, hackers demanded $10 million. Impact: Financial loss and operational disruption.
• Supply chain vulnerabilities: These occur when attackers exploit weaknesses in a company’s suppliers. Example: The SolarWinds incident saw attackers infiltrate numerous organizations through compromised vendor software. Impact: Widespread access to multiple organizations’ networks.
• Data sensitivity: Even non-sensitive personal information can be used for phishing and social engineering attacks. Example: In the 2013 Target breach, attackers used stolen customer data for fraud. Impact: Increased risk of identity theft and financial fraud.
• Incident response: Effective measures to detect and respond to breaches are crucial. Example: Maersk’s rapid recovery from the NotPetya attack due to robust incident response strategies. Impact: Minimizes downtime and potential damage.

“These examples underscore the necessity for comprehensive security frameworks, vigilant monitoring and effective incident response strategies across all organizational platforms and subsidiaries. To better protect administrator accounts, teams can implement the following measures:

1. Multi-factor authentication (MFA): Require MFA for all admin accounts to add an extra layer of security.
2. Strong password policies: Enforce the use of strong, unique passwords and regular password changes.
3. Least privilege principle: Grant admin rights only to those who absolutely need them, minimizing the number of users with high-level access.
4. Regular audits and monitoring: Continuously monitor and audit admin account activities to detect and respond to suspicious behavior promptly.
5. Security awareness training: Educate employees on recognizing phishing attempts and the importance of safeguarding credentials.

“Implementing these measures can significantly reduce the risk of unauthorized access to critical systems.”