- Aura confirms breach exposing approximately 900,000 customer records
- The attack came from a phone phishing; names and emails stolen, but no SSN or financial data
- ShinyHunters Claims Responsibility, Adds Aura to Extortion Site After Ransom Negotiations Fail
Digital security company Aura has confirmed it suffered a cyberattack and lost almost a million customer records.
In an announcement posted on its website earlier this week, the identity protection company said one of its employees was recently the target of a phone phishing attack.
The threat actor had access to this employee’s account for approximately an hour and during this time managed to exfiltrate approximately 900,000 records.
Article continues below
ShinyHunters takes responsibility
Aura says the records belong to both active customers (up to 20,000) and past Aura customers (no more than 15,000) and include names and email addresses.
They were taken from a marketing tool used by a company that Aura purchased in 2021. Social Security numbers, passwords and financial information were not compromised.
“Aura’s systems were specifically designed to limit the potential exposure of customer information in the event of a breach, including organizational, technical and physical protections that functioned as intended during this incident,” the announcement said. “All sensitive personal information of customers (social security numbers, financial transactions, credit files, payment details, identifying information) is encrypted and access is highly restricted.”
The company said it is now notifying affected customers “as appropriate” and does not expect a further escalation of the attack.
Although Aura did not discuss the attackers or their objectives, BeepComputer discovered that ShinyHunters had already claimed responsibility for the breach. Apparently, the group added Aura to its data extortion site, claiming to have recovered 12 GB of files containing personally identifiable information (PII) about customers and other company data.
ShinyHunters is a very active ransomware threat actor, among the first to stop using an encryptor and focus solely on data exfiltration. They said they “did not reach an agreement” with Aura, meaning they demanded a ransom be paid in exchange for the removal of the stolen files.
We don’t know how much money ShinyHunters asked for.
TechRadarPro has contacted Aura for comment, and the company provided a link to a statement that says: “As our investigation into this security incident progresses, we can confirm that no database supporting the Aura identity theft protection application was accessed in any way.” No sensitive information provided by customers to Aura for monitoring purposes – such as Social Security numbers, financial information, credit reports or passwords – was compromised.
“There is no ongoing risk to customer data and Aura’s services remain safe to use,” the statement said.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
