Identification safety firm Aura has confirmed that an unauthorized get together gained entry to almost 900,000 buyer information containing names and e-mail addresses.
The corporate states that the incident was brought on by a voice phishing assault focusing on an worker, which uncovered the delicate information of 20,000 present and 15,000 former prospects.
In a communication this week, Aura states that the info originated from a advertising and marketing device utilized by an organization acquired by Aura in 2021, which uncovered restricted data.
Aura is a shopper digital security agency that sells id theft safety, credit score and fraud monitoring, and on-line safety instruments for phishing safety, positioning itself as an all-in-one service for on-line safety.
Earlier this week, the risk group ShinyHunters claimed the assault on their information extortion website, stating that they stole 12GB of recordsdata containing personally identifiable data (PII) on prospects, in addition to company information.
The risk actor leaked the stolen recordsdata, saying that the corporate “failed to achieve an settlement with them regardless of all the probabilities and presents” they made.
Supply: BleepingComputer
Based on Aura, the compromised buyer data contains full names, e-mail addresses, dwelling addresses, and cellphone numbers. The corporate emphasizes that Social Safety Numbers (SSNs), account passwords, and monetary data weren’t compromised.
The Have I Been Pwned (HIBP) service analyzed the leaked information and added it to its database, noting that customer support feedback and IP addresses had been additionally uncovered. HIBP additionally acknowledged that 90% of the e-mail addresses uncovered on this incident had been already current in its database from previous safety incidents.
BleepingComputer has requested Aura in regards to the discrepancy between HIBP reporting somewhat over 901,000 affected accounts, and the corporate mentioned that their determine was correct.
That is defined by the truth that the info collected by the advertising and marketing device was inherited when buying the corporate in 2021. Nevertheless, the database contained solely 35,000 Aura prospects. The corporate declined to remark additional on ShinyHunters’ claims or the alleged Okta SSO compromise.
At the moment, Aura is conducting an in-depth inner evaluation in partnership with exterior cybersecurity consultants and has confirmed to BleepingComputer that they’ve additionally knowledgeable legislation enforcement authorities.
Aura informed us that it’s going to quickly ship personalised notifications to all affected people.
Malware is getting smarter. The Purple Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 methods and see in case your safety stack is blinded.
