Almost half a million of Life360 customers have had their data leaked on the dark web following a data breach.
Earlier this week, a threat actor with the alias ‘emo’ posted a new thread on an underground hacking forum, sharing a database containing emails, phone numbers, and full names of 442,519 people. In the post, the hacker said they were not the ones to initially breach the site.
“Credit to the original breacher for this leak yk who u are,” they said.
Fixed issues
BleepingComputer reports the breach happened in March 2024, when someone abused a flaw in the site’s login API. it also confirmed the authenticity of at least some of the data in the archive.
“When attempting to login to a life360 account on Android the login endpoint would return the first name and phone number of the user, this existed only in the API response and was not visible to the user,” emo said. “If a user had verified their phone number it would instead be returned as a partial number like +1******4830.”
The post also says that Life360 fixed the breach in the meantime, with the endpoint no longer returning the phone numbers. “Now a placeholder number is returned in the API response,” they concluded.
Life360 is a family networking app designed to provide location and safety services. With the app, available on both Android and iOS, users can share their real-time locations on a private map, set up geofences, as well as various safety features. The tool also keeps a history of locations and movements.
The company has had a rough few weeks since recently it reported experiencing an extortion attempt when hackers broke into a Tile customer support platform and stole people’s names, postal addresses, email addresses, phone numbers, and device IDs.
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/GcQXTy4NBXKeoop4V5WQnQ-1200-80.jpg
Source link