Thousands of Life360 users have data leaked following breach

Leaker shares Life360 archive on the dark web

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Almost half a million of Life360 customers have had their data leaked on the dark web following a data breach.

Earlier this week, a threat actor with the alias ‘emo’ posted a new thread on an underground hacking forum, sharing a database containing emails, phone numbers, and full names of 442,519 people. In the post, the hacker said they were not the ones to initially breach the site.

“Credit to the original breacher for this leak yk who u are,” they said.

Fixed issues

Fixed issues

BleepingComputerreports the breach happened in March 2024, when someone abused a flaw in the site’s login API. it also confirmed the authenticity of at least some of the data in the archive.

“When attempting to login to a life360 account on Android the login endpoint would return the first name and phone number of the user, this existed only in the API response and was not visible to the user,” emo said. “If a user had verified their phone number it would instead be returned as a partial number like +1******4830.”

The post also says that Life360 fixed the breach in the meantime, with the endpoint no longer returning the phone numbers. “Now a placeholder number is returned in the API response,” they concluded.

Life360 is a family networking app designed to provide location and safety services. With the app, available on both Android and iOS, users can share their real-time locations on a private map, set up geofences, as well as various safety features. The tool also keeps a history of locations and movements.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The company has had a rough few weeks since recently it reported experiencing an extortion attempt when hackers broke into a Tile customer support platform and stole people’s names, postal addresses, email addresses, phone numbers, and device IDs.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics