Over 400,000 Life360 user phone numbers leaked via unsecured API
17-July-24
A threat actor known as ’emo’ has leaked personal information of 442,519 Life360 customers, exploiting a flaw in the login API to obtain email addresses, names, and phone numbers. The breach, first spotted by HackManac, occurred in March 2024. Emo clarified that the flaw, which has since been fixed, allowed verification of user details during login attempts. Additionally, emo leaked over 15 million Trello email addresses from another unsecured API in January. On Thursday, Life360 disclosed an extortion attempt linked to a breach of a Tile customer support platform, exposing names, addresses, email addresses, phone numbers, and device IDs. Life360 CEO Chris Hulls stated that no sensitive information like credit card details or government IDs was compromised. The company, which acquired Tile in 2021, has yet to provide details on the impact of the Tile incident.
