- Aura confirms breach and exposes ~900,000 customer records
- The attack originated from phone phishing; stole names and emails, but no SSNs or financial data
- ShinyHunters claims responsibility, adds Aura to the blackmail site after failed ransom negotiations
Digital security firm Aura confirmed it suffered a cyber attack and lost nearly a million customer records.
In an announcement published on its website earlier this week, the identity protection company said one of its employees was recently hit by a phone phishing attack.
The threat actor gained access to the employee’s account for about an hour and during that time managed to exfiltrate around 900,000 records.
The article continues below
ShinyHunters takes the blame
Aura says the records belong to both active (up to 20,000) and former Aura customers (no more than 15,000), and include names and email addresses.
They were obtained from a marketing tool used by a company that Aura bought in 2021. Social security numbers, passwords and financial information were not compromised.
“Aura’s systems are purpose-built to limit the potential exposure of customer information in the event of a breach, including organizational, technical and physical safeguards that functioned as designed in this incident,” the statement reads. “All sensitive customer information (social security numbers, financial transactions, credit files, payment information, credentials) is encrypted and access is highly restricted.”
The company said it is now notifying affected customers “as needed” and does not expect the attack to escalate further.
While Aura did not discuss the attackers or their goals, Bleeping Computer found that ShinyHunters already claimed responsibility for the breach. Apparently, the group added Aura to its data extortion site and claimed to have nabbed 12 GB of files containing customer identifiable information (PII) and other company data.
ShinyHunters is a very active ransomware threat actor, among the first to stop using an encryption and focus solely on data exfiltration. They said they “did not reach an agreement” with Aura, meaning they demanded a ransom in exchange for deleting the stolen files.
We do not know how much money ShinyHunters demanded.
TechRadarPro reached out to Aura for comment, and the company provided a link to a statement that read: “As our investigation into this security incident has progressed, we can confirm that no database supporting the Aura identity theft protection application was accessed in any way. No sensitive information provided by customers to Aura for monitoring purposes – such as social security numbers, financial information, credit records or passwords – was compromised.”
“There is no ongoing risk to customer data and Aura’s services remain safe to use,” the statement said.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
