Now I understand why we have to disable the accounts immediately when someone leaves. I had always had an "It can wait, don't understand why you're in such a hurry" attitude.

It's a shame but I suspect many firms who don't take security seriously fall into that malaise, and don't have (or stick to) a pre-determined separation process. Disabling accounts and email is one thing, but there's so much more, including the immediate retrieval of work-issued computers and devices, etc.

If these things aren't done immediately, there's obviously a window of opportunity for nefarious activities to take place. There's also the very real risk that action to close off accounts will never even be taken as it gets forgotten, leaving accounts and access still in place for employees who have long since left the company. I suspect this is what’s happened at Tile.
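An audit for the failure mode described in the post above, added here as an example and not part of any poster's message: it cross-checks a separation list against directory state and an auth log to flag access that was never revoked and logins dated after the leaving date. All user names, field names, the log format and the sample records are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data: HR separation times, directory state, auth log lines.
SEPARATIONS = {"alice": "2024-03-01T17:00:00+00:00", "bob": "2024-05-10T12:00:00+00:00"}
DIRECTORY = {
    "alice": {"enabled": True, "vpn": True},    # forgotten entirely
    "bob": {"enabled": False, "vpn": True},     # account disabled, VPN missed
    "carol": {"enabled": True, "vpn": True},    # current employee
}
AUTH_LOG = [
    "2024-02-28T09:14:02+00:00 login user=alice src=10.0.4.7 result=success",
    "2024-05-02T23:41:55+00:00 login user=alice src=203.0.113.50 result=success",
    "2024-05-11T08:00:10+00:00 login user=bob src=198.51.100.9 result=failure",
    "2024-05-12T10:30:00+00:00 login user=carol src=10.0.4.9 result=success",
]

def parse_line(line):
    """Split '<iso-timestamp> <event> key=value ...' into (datetime, fields)."""
    ts, _event, *pairs = line.split()
    return datetime.fromisoformat(ts), dict(p.split("=", 1) for p in pairs)

def audit(separations, directory, auth_log):
    """Return (user, finding, detail) tuples for departed staff."""
    findings = []
    # 1. Access still in place for people who have left.
    for user in separations:
        entry = directory.get(user, {})
        still_active = [k for k in ("enabled", "vpn") if entry.get(k)]
        if still_active:
            findings.append((user, "access_not_revoked", ",".join(still_active)))
    # 2. Any login attempt, successful or not, dated after the separation.
    for line in auth_log:
        ts, fields = parse_line(line)
        left = separations.get(fields["user"])
        if left and ts > datetime.fromisoformat(left):
            finding = "login_after_separation_" + fields["result"]
            findings.append((fields["user"], finding, fields["src"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SEPARATIONS, DIRECTORY, AUTH_LOG):
        print(*finding)
```

Failed attempts are reported as well as successes, since they show someone still trying credentials that should no longer exist.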
 
Most retirement notifications are sent months in advance. Was your retirement notification sent with immediate effect?
I had been on disability. It wasn't getting better and I was close to retirement so I gave them notice when it ran out. I didn't have access to medical records (just email and the work order system) so I wasn't a real risk. But they weren't taking chances, apparently.
 
Assuming Tile sells into the UK and EU, then their lack of proactive reporting of the breach would be a huge no-no under the GDPR. I foresee very substantial fines. This is just lazy behaviour that is dangerous to its users. I would recommend that everyone move away from the brand.
 
Apple, like Google, has a database that probably has your Wi-Fi router and its location. This is accessible from the Internet. When your Apple device connects to a Wi-Fi location it sends the Wi-Fi MAC address plus dozens of nearby ones back to Apple. Researchers recently used it to map which people had Starlink by leveraging public records of addresses and linking it to the Wi-Fi router included in the Starlink. They also found it had military value by showing the locations of Starlinks around the Ukrainian front lines.
 
People need to stop glamorizing hackers as though they are providing some public service. They are breaking into people's most private spaces, just as if they had picked a lock to a home. But in the digital era, hackers are given some level of esteem as though they are better than common thieves. They aren't.
You..just described most companies? Lol
 
Everyone here is missing that beyond revoking employee credentials, employee access to this kind of data should be restricted entirely when on external networks. Why was that not enforced? Why would an employee be able to log in from anywhere?

Although I suppose their VPN credentials were probably not revoked either, if they have that, which they probably shouldn’t have if they aren’t remote. And I don’t think someone with that kind of critical access should be allowed to work remotely. They should be under some sort of surveillance in a secure facility.

We’re talking about extreme customer privacy issues here. This isn’t just any business! Especially if this is a special tool for law enforcement. There should just be a few people under a lot of scrutiny with access.

Hopefully this is another death knell for Tile. This company has always rubbed me the wrong way.
This is where multiple accounts are beneficial. Back in my system admin days I advocated this process. Your normal account would be a normal user. You had a separate login with more access and sometimes admin rights.

This would also address your work remote issue. Day to day they can work remote due to their normal account. If they need more access, they come to the office and use their more powerful account.
 
Yada yada was hacked today and all your info is out there.

Same thing every day in the modern world.
I wonder if the day will come where hacking isn't worth the effort anymore 'cause everything has already been hacked. Kinda how some believe piracy isn't worth it 'cause Spotify is cheap.
 
The biggest surprise in all of this was that Tile still had any customers in the year 2024. 😯

Tile parent company Life360 published a statement about the attack on its website after being prompted to do so by 404 Media.

Life360? Another privacy nightmare of a service that should have ceased to exist years ago. 🙃
 
Using credentials of a former employee is not hacking. Tile was the victim of a data breach.
Not true. A data breach is an accidental leak of data. A hack is intentional, how you access it is only one very small part of the equation - but stolen credentials is CERTAINLY a hack.

  • A data breach occurs when data that is unintentionally left vulnerable in an unsecured environment is viewed by someone who shouldn't have access to that data.
  • A hack is the result of an intentional attack, while a breach is the result of human negligence.
  • A hack is a calculated alteration to a computer’s hardware or software for a purpose other than that originally intended by the developer.
  • A data hack is intentional and is usually conducted by cyber criminals with malicious intent for adverse purposes such as data theft or fraud.
  • A data breach is a more general term and simply refers to the outcome that data was made available to unauthorised people.
 
We’re, society that is, losing touch with facts and precise definitions. Everything can now be twisted and moulded to fit any point of view. It’s depressing.
Well, it was a hack, so the opposite here is true - people claiming this is a data breach are twisting and molding an incorrect point of view.
 
Apple, like Google, has a database that probably has your Wi-Fi router and its location. This is accessible from the Internet. When your Apple device connects to a Wi-Fi location it sends the Wi-Fi MAC address plus dozens of nearby ones back to Apple. Researchers recently used it to map which people had Starlink by leveraging public records of addresses and linking it to the Wi-Fi router included in the Starlink. They also found it had military value by showing the locations of Starlinks around the Ukrainian front lines.
Apple does this differently from Google, the data is not stored that way and it wasn't sent back quite the way you're describing. And Apple changed the way this works when that research was revealed.

Google has a database of locations, the phone sends its nearby access points and the server tells the phone its location. Apple let the phones calculate their own telemetry data by the servers sending a bunch of nearby locations of those access points - to prevent the database from ever knowing the actual location of the phone. The problem with that out in the middle of a war is that the telemetry data doesn't need to be anonymous, you know that if there's anything out there at all it is not just some dude's wifi access point, it's a mobile military access point.

But anyone can create this type of map on their own as those access points are discoverable by anything in range of them. And Tile knows it was you at this location and that it was your tile. Neither Google nor Apple know anything about who owns access points other than if a MAC address is there that can provide the vendor hardware ID.
 
This is where multiple accounts are beneficial. Back in my system admin days I advocated this process. Your normal account would be a normal user. You had a separate login with more access and sometimes admin rights.

This would also address your work remote issue. Day to day they can work remote due to their normal account. If they need more access, they come to the office and use their more powerful account.
Today, this has been taken further and is called Zero Trust. Your user account can access nothing but user stuff, ever. Any admin account has access to nothing and must request access for a limited amount of time. That can be granted automatically or manually - called Access Control.
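The time-limited access model described in the post above, sketched as an added example that is not part of the thread: a hypothetical broker where an admin identity has no standing privileges, each grant needs a second person's approval, expires after a capped lifetime, and is dropped at offboarding. The class, account names and the `location-db` resource are assumptions made for illustration.

```python
import time

class AccessBroker:
    """Hypothetical just-in-time broker: no standing access, only expiring grants."""

    def __init__(self, approvers, max_ttl=3600, clock=time.time):
        self.approvers = set(approvers)  # people allowed to approve requests
        self.max_ttl = max_ttl           # upper bound on any grant, in seconds
        self.clock = clock               # injectable so expiry can be tested
        self.disabled = set()            # offboarded identities
        self.grants = {}                 # (user, resource) -> expiry timestamp

    def request(self, user, resource, ttl, approved_by):
        """Create a grant only for an active user with independent approval."""
        if user in self.disabled:
            return False
        if approved_by not in self.approvers or approved_by == user:
            return False
        # The requested lifetime is capped, never extended.
        self.grants[(user, resource)] = self.clock() + min(ttl, self.max_ttl)
        return True

    def is_allowed(self, user, resource):
        """Deny by default; allow only while an unexpired grant exists."""
        expiry = self.grants.get((user, resource))
        return (user not in self.disabled
                and expiry is not None
                and self.clock() < expiry)

    def offboard(self, user):
        """Disable the identity and drop every grant it holds."""
        self.disabled.add(user)
        for key in [k for k in self.grants if k[0] == user]:
            del self.grants[key]

if __name__ == "__main__":
    broker = AccessBroker({"lead"}, max_ttl=900)
    print(broker.is_allowed("admin-dana", "location-db"))  # no grant yet
    broker.request("admin-dana", "location-db", 600, approved_by="lead")
    print(broker.is_allowed("admin-dana", "location-db"))
    broker.offboard("admin-dana")
    print(broker.is_allowed("admin-dana", "location-db"))
```

Because access lapses on its own, a missed offboarding step leaves behind an identity that can do nothing until someone approves a new request.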
 
I wonder if the day will come where hacking isn't worth the effort anymore 'cause everything has already been hacked. Kinda how some believe piracy isn't worth it 'cause Spotify is cheap.
I'm already taking this posture. My data has been hacked so many times, at so many levels, from so many places that I just assume it's a needle in a haystack. I'm not going to be targeted any more than the rest of the hay, and as more info becomes available they may as well have none.
 
Tile refused to integrate with Apple's FindMy Network, preferring their own technology. Now their data has been hacked. It really sucks for their users.
 