- Aura confirms breach exposing ~900,000 customer records
- The attack was due to telephone phishing; stolen names and emails, but not social security numbers or financial data
- ShinyHunters Claims Responsibility, Adds Aura to Extortion Site After Failed Ransom Talks
Digital security company Aura confirmed having suffered a cyberattack and having lost almost a million customer records.
In an announcement posted on its website earlier this week, the identity protection company said one of its employees was recently the target of a phone phishing attack.
The threat actor gained access to that employee’s account for approximately one hour and during that time managed to exfiltrate approximately 900,000 records.
Article continues below.
ShinyHunters takes the blame
Aura says the records belong to both active customers (up to 20,000) and former Aura customers (no more than 15,000), and include names and email addresses.
They were extracted from a marketing tool used by a company that Aura purchased in 2021. Social security numbers, passwords, and financial information were not compromised.
“Aura’s systems have been specifically designed to limit the potential exposure of customer information in the event of a breach, including organizational, technical and physical safeguards that functioned as designed in this incident,” the announcement reads. “All sensitive personal customer information (Social Security numbers, financial transactions, credit files, payment details, credentials) is encrypted and access is highly restricted.”
The company said it is now notifying affected customers “as appropriate” and does not expect the attack to escalate further.
While Aura did not speak about the attackers or their goals, beepcomputer discovered that ShinyHunters already claimed responsibility for the breach. The group apparently added Aura to its data extortion site, claiming to have captured 12 GB of files with customer personally identifiable information (PII) and other corporate data.
ShinyHunters is a very active ransomware threat actor, one of the first to stop using an encryptor and focus solely on data exfiltration. They said they “failed to reach an agreement” with Aura, meaning they demanded a ransom payment in exchange for deleting the stolen files.
We don’t know how much money ShinyHunters demanded.
TechRadarPro contacted Aura for comment and the company provided a link to a statement that reads: “As our investigation into this security incident continues, we can confirm that no database supporting Aura’s identity theft protection application was accessed in any way. No sensitive information provided by customers to Aura for monitoring purposes, such as Social Security numbers, financial information, credit records or passwords, was compromised.”
“There is no ongoing risk to customer data and Aura’s services remain safe to use,” the statement said.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
