Life360, a popular family location tracker app, suffered a data breach affecting 443,000 users. Personal details, including first names and phone numbers, were leaked. Learn about the breach, potential risks, and protective measures.
Hackers have dumped the personal details of over half a million users of Life360, a popular family safety and location-sharing app for Android and iOS. The data breach occurred in March 2024, but the database was only leaked on the notorious Breach Forums on Wednesday, July 17, 2024.
It is worth noting that Life360 is not new to cybersecurity incidents. In June 2024, location tracker firm Tile, whose parent company is Life360, also suffered a massive data breach in which a hacker not only managed to steal sensitive data but also accessed internal tools.
Although both incidents appear to be linked, the actual hacker(s) responsible for this breach remain unknown. However, the data was leaked on the forum by another hacker using the alias “Emo.” Emo is the same hacker who recently leaked over 15 million Trello customer accounts in a breach that took place in January 2024.
Leaked Life360 Data
According to the analysis of the leaked database by the Hackread.com Research Team, it can be confirmed that the number of users impacted by the breach is 443,223. The personal details leaked include the following information:
- Full names
- Phone numbers
- Email addresses
- Transaction IDs
- Registration Status
The good news is that the data breach does not contain passwords, social security numbers, or financial details.
HOW?
As to how Life360’s data was extracted, in their post on Breach Forums, Emo explained that the breach was a result of API abuse. By exploiting a vulnerability in the app’s login endpoint on Android, the hackers were able to access personal information, such as first names and phone numbers, from the API responses.
This information, though not visible to the user within the app, was accessible through the backend and could be misused. Life360 has since fixed this issue by modifying the API response to return placeholder numbers instead of actual phone numbers.
The bad news is that not only are Life360 users at risk of phishing emails since their email addresses have been leaked but they are also exposed to Smishing (SMS phishing) since their phone numbers are out as well. Additionally, the data is being actively shared on Telegram groups and Russian-speaking cybercrime forums.
Therefore, if you have an account with Life360, you must keep an eye on any suspicious activity. Additionally, change the password for your impacted email address, as hackers can find its password in previous data breaches and attempt to log in. You can block these attempts by enabling multi-factor authentication on your device.
This article will be updated accordingly. Stay tuned.