Identity protection firm Aura disclosed that a voice phishing attack on an employee led to unauthorized access to nearly 900,000 records containing customer names and email addresses, including about 20,000 current and 15,000 former customers. Threat group ShinyHunters claimed responsibility and leaked files on their extortion site, while Aura says SSNs, passwords, and financial data were not exposed and it is investigating with external experts and law enforcement. #Aura #ShinyHunters
Keypoints
- A voice phishing attack on an Aura employee resulted in the data breach.
- Nearly 900,000 records from a marketing tool inherited during a 2021 acquisition were exposed, affecting 20,000 current and 15,000 former customers.
- Aura reports exposed data included names, email addresses, home addresses, and phone numbers, but not SSNs, account passwords, or financial information.
- Threat actor ShinyHunters claimed the theft and published 12GB of files; Have I Been Pwned added the leak to its database and noted many emails were previously known.
- Aura is working with external cybersecurity experts, has notified law enforcement, and will send personalized notifications to affected individuals.