- Aura confirms breach exposing ~900,000 consumer records
- Attack stemmed from phone phishing; names and emails stolen, but no SSNs or financial data
- ShinyHunters claim responsibility, add Aura to extortion site after failed ransom talks
Digital security company Aura confirmed suffering a cyberattack and losing 900,000 consumer records that were part of a marketing contact list.
In an announcement published on its website earlier this week, the identity protection firm said that one of its employees was recently targeted with a phone phishing attack.
The threat actor gained access to that employee’s account for roughly one hour and during that time managed to exfiltrate roughly 900,000 consumer records.
ShinyHunters takes the blame
Aura says that the records belong to both active (up to 20,000), and former Aura customers (no more than 15,000), and include names and email addresses.
They were pulled from a marketing tool used by a company that Aura bought in 2021. Social Security numbers, passwords, and financial information were not compromised.
“Aura’s systems have been purpose-built to limit the potential exposure of customer information in the event of a breach, including organizational, technical, and physical safeguards that worked as designed in this incident,” the announcement reads. “All sensitive customer personal information (Social Security numbers, financial transactions, credit files, payment details, credentials) is encrypted and access is highly restricted.”
The company said it is now notifying impacted customers “as appropriate” and does not expect the attack to escalate further.
While Aura did not discuss the attackers or their goals, BleepingComputer found out that ShinyHunters already claimed responsibility for the breach. Apparently, the group added Aura to its data extortion site, claiming to have nabbed 12GB of files with customer personally identifiable information (PII) and other corporate data.
ShinyHunters is a highly active ransomware threat actor, among the first ones to stop using an encryptor and focus solely on data exfiltration. They said they “failed to reach an agreement” with Aura, meaning they demanded a ransom payment in exchange for deleting the stolen files.
We don’t know how much money ShinyHunters demanded.
TechRadarPro contacted Aura for comment, and the company provided a link to a statement, which reads, "As our investigation into this security incident has progressed, we can confirm that no database supporting the Aura identity theft protection application was accessed in any way. No sensitive information provided by customers to Aura for monitoring purposes — such as Social Security numbers, financial information, credit records, or passwords — was compromised."
"There is no ongoing risk to customer data, and Aura’s services remain safe to use," the statement said.
Via BleepingComputer
