Aura says a targeted voice phishing attack against one of its employees led to unauthorized access to about 900,000 records, prompting customer notifications and an incident response effort.
The disclosure came after the ShinyHunters threat group advertised what it claimed was a trove of data stolen from Aura, while Have I Been Pwned (HIBP) has now added the incident to its database.
According to Aura, the incident began when an employee was tricked in a targeted phone phishing attack, allowing an unauthorized third party to access the worker’s account for roughly an hour. The company said it revoked access as soon as it discovered the intrusion, activated its incident response plan, brought in outside cybersecurity and legal specialists, and notified law enforcement. Aura described the exposure as limited but acknowledged that the attacker accessed approximately 900,000 records.
Aura said the overwhelming majority of the exposed records were names and email addresses stored in a marketing tool tied to a company it acquired in 2021. The company added that the contact information of fewer than 20,000 active customers and fewer than 15,000 former customers was also accessed. In those cases, the exposed details may have included names, email addresses, home addresses, and phone numbers. Aura said Social Security numbers, passwords, and financial information were not compromised.
Aura is an online safety and identity protection provider that offers services to help consumers monitor fraud risks, protect accounts, and respond to identity-related threats. That makes any security incident particularly sensitive, even when the company says its core sensitive data stores remained protected.
The timing of Aura’s statement closely follows a breach listing by ShinyHunters, which claims to be offering 900,000-plus Aura records containing personally identifiable information and internal corporate material. ShinyHunters told CyberInsider that the breach occurred through an Okta single sign-on (SSO) attack.
HIBP reports that the leaked data affects 903,100 accounts, exposing names, email addresses, phone numbers, physical addresses, IP addresses, and customer service comments. It also noted that about 90% of the leaked records were already present in its system from previous breaches.
Aura said it is notifying impacted individuals where appropriate and will provide support to affected customers. Even without passwords or financial data in the exposed set, people affected by the breach should be on the lookout for follow-up scams, especially calls, emails, or texts that reference Aura, identity protection, billing, or account security.
Leave a Reply