Application security, Breach

Misconfigured API exposes over 440K Life360 users’ data

APIs

U.S. safety and location services firm Life360 had a database with the personal details of 442,519 individuals stolen in March through the exploitation of an unsecured login API leaked by the threat actor emo, who just exposed more than 15 million Trello email addresses earlier this week, reports BleepingComputer.

Included in the compromised information were customers' names, email addresses, and phone numbers, which have been verified to be legitimate by BleepingComputer amid a lack of comment from Life360, which already moved to fix the API endpoint issue. Such a development comes nearly a week after Life360 confirmed the theft of data from the users of its Tile app. Infiltration of Tile's customer support platform using an ex-employee's credentials enabled the compromise of customer names, phone numbers, home and email addresses, and device IDs, but not passwords, location information, credit card numbers, and government ID numbers that have not been stored in the platform.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds