Connect with us

Hi, what are you looking for?

Business

Life360 hack: What does it mean for businesses?

The breach impacted data related to an unspecified number of individuals, as none of the sources provided a specific number of compromised accounts or users.

A trove of documents from I-Soon, a private contractor that competed for Chinese government contracts, shows that its hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes
A trove of documents from I-Soon, a private contractor that competed for Chinese government contracts, shows that its hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes - Copyright AFP/File Daniel LEAL
A trove of documents from I-Soon, a private contractor that competed for Chinese government contracts, shows that its hackers compromised more than a dozen governments, according to cybersecurity firms SentinelLabs and Malwarebytes - Copyright AFP/File Daniel LEAL

It has recently been revealed that in March 2024, a hacker exploited an API flaw in Life360’s login system and leaked personal information including names, phone numbers and email addresses of over 440,000 users.

Life360 Inc. is a San Francisco, California–based American information technology company that provides location-based services, including sharing and notifications, to consumers globally.

The breach impacted data related to an unspecified number of individuals, as none of the sources provided a specific number of compromised accounts or users.


What does this mean for the business community?

To discover more, Digital Journal has spoken with Jason Kent, Hacker in Residence at Cequence.

Kent begins by giving a run-down on the attack process, noting: “This is a fairly interesting attack in that the attacker simply examined the response data from the mobile app’s login process and found sensitive information the app didn’t need to display.”

There are things to consider for technology teams, which Kent explains as: “This illustrates the need to test APIs for things like sensitive data in the responses. Even basic checks on the login API would have revealed this data leak, indicating they weren’t testing for the right things. In order to pull this database, the attacker had to send thousands upon thousands of requests for usernames and scraped the return data.”

In terms of the implications of the data haul, Kent’s assessment is: “As we see more and more data dumps we see more and more use of the usernames. In this case knowing an email address on the system yields name and phone number. As you can see, by exploiting flaws in company A the attacker can use a bit of information on an insecure API flow in Company B and enhance the database making it much more valuable on the black market or for further attacks.”

Returning to the case specifics, King says: “All Life360 customers need to know their name, phone number and email addresses are now compromised and should be extra vigilant to keep the security of these items in mind. Following attacks could include smishing attempts, login validation attempts (checking for password reuse) and possibly Multi-Factor Fatigue Campaigns.”

In terms of general actions that any company can take on board, King proposes: “The best prevention for this sort of thing is to not reuse passwords. Use a secure vault if you have a hard time remembering passwords and keep them all refreshed!”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Entertainment

Artist and performer Ryan Michael James chatted about his latest endeavors, and being a part of the digital age.

Social Media

You can’t just tell kids not to use screens. Screens are unavoidable. Stress can be avoided.  

Entertainment

Andrew Walker and Nikki DeLoach star in the new Hallmark mystery "Curious Caterer: Forbidden Fruit," which premiered on October 11th.

Entertainment

Actor, stuntman, and martial artist Marko Zaror of "John Wick: Chapter 4" chatted about his upcoming movies.