- Aura confirms breach exposing ~900,000 customer records
- Attack stemmed from phone phishing; names and emails stolen, but no SSNs or financial data
- ShinyHunters claim responsibility, add Aura to extortion site after failed ransom talks
Digital security company Aura confirmed suffering a cyberattack and losing almost a million customer records.
In an announcement published on its website earlier this week, the identity protection firm said that one of its employees was recently targeted with a phone phishing attack.
The threat actor gained access to that employee’s account for roughly one hour and during that time managed to exfiltrate roughly 900,000 records.
Article continues belowShinyHunters takes the blame
Aura says that the records belong to both active (up to 20,000), and former Aura customers (no more than 15,000), and include names and email addresses.
They were pulled from a marketing tool used by a company that Aura bought in 2021. Social Security numbers, passwords, and financial information were not compromised.
“Aura’s systems have been purpose-built to limit the potential exposure of customer information in the event of a breach, including organizational, technical, and physical safeguards that worked as designed in this incident,” the announcement reads. “All sensitive customer personal information (Social Security numbers, financial transactions, credit files, payment details, credentials) is encrypted and access is highly restricted.”
The company said it is now notifying impacted customers “as appropriate” and does not expect the attack to escalate further.
While Aura did not discuss the attackers or their goals, BleepingComputer found out that ShinyHunters already claimed responsibility for the breach. Apparently, the group added Aura to its data extortion site, claiming to have nabbed 12GB of files with customer personally identifiable information (PII) and other corporate data.
ShinyHunters is a highly active ransomware threat actor, among the first ones to stop using an encryptor and focus solely on data exfiltration. They said they “failed to reach an agreement” with Aura, meaning they demanded a ransom payment in exchange for deleting the stolen files.
We don’t know how much money ShinyHunters demanded.
TechRadarPro contacted Aura for comment, and the company provided a link to a statement, which reads, "As our investigation into this security incident has progressed, we can confirm that no database supporting the Aura identity theft protection application was accessed in any way. No sensitive information provided by customers to Aura for monitoring purposes — such as Social Security numbers, financial information, credit records, or passwords — was compromised."
"There is no ongoing risk to customer data, and Aura’s services remain safe to use," the statement said.
Via BleepingComputer
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.