• Home
  • cyber
  • Aura: Hacked: Aura confirms at least 900,000 impacted by ShinyHunters breach
cyber Breach

Aura: Hacked: Aura confirms at least 900,000 impacted by ShinyHunters breach

Mar 1, 2026 2 min read
Aura: Hacked: Aura confirms at least 900,000 impacted by ShinyHunters breach

Aura Discloses Phishing Attack Linked to ShinyHunters, Exposing Nearly 1M Records

Identity protection firm Aura confirmed this week that it fell victim to a targeted phone phishing attack earlier this month, orchestrated by the ShinyHunters cyber extortion group. The incident, which the company disclosed after being listed on the group’s darknet leak site, resulted in the compromise of approximately 900,000 customer records.

The attack began when a single employee’s account was breached for roughly one hour before Aura detected the intrusion. The company responded by terminating access, activating its incident response plan, and engaging external cybersecurity and legal experts, as well as notifying law enforcement. While the breach was brief, the impact was severe: the majority of the exposed records contained names and email addresses from a marketing tool inherited through a 2021 acquisition.

Aura clarified that fewer than 20,000 active customers and less than 15,000 former customers were affected. Critically, the company stated that no Social Security numbers, passwords, or financial information were accessed.

ShinyHunters, however, claimed on its leak site that 12GB of data including personally identifiable information (PII) and internal corporate records had been stolen and published online. The group alleged that Aura failed to negotiate despite multiple offers, stating, “They don’t care.”

This attack is part of a broader campaign by ShinyHunters, which has targeted multiple organizations since late 2023 by exploiting vulnerabilities in Salesforce instances. Other victims of the group include SoundCloud, Crunchbase, Bumble, and Harvard University, among at least 20 others. Salesforce has since issued guidance for customers to secure their systems.

Source: https://www.cyberdaily.au/security/13353-hacked-aura-confirms-at-least-900-000-impacted-by-shinyhunters-breach

Aura Event & Experiences cybersecurity rating report: https://www.rankiteo.com/company/aura

"id": "AUR1773887129",
"linkid": "aura",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Fewer than 20,000 active '
                                              'customers and less than 15,000 '
                                              'former customers',
                        'industry': 'Identity Protection',
                        'name': 'Aura',
                        'type': 'Company'}],
 'attack_vector': 'Phone Phishing',
 'data_breach': {'data_exfiltration': 'Yes (12GB claimed by ShinyHunters)',
                 'number_of_records_exposed': '900,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Low to moderate (no SSNs, passwords, '
                                        'or financial data for most records)',
                 'type_of_data_compromised': ['Names',
                                              'Email addresses',
                                              'Personally Identifiable '
                                              'Information (PII)',
                                              'Internal corporate records']},
 'description': 'Identity protection firm Aura confirmed a targeted phone '
                'phishing attack orchestrated by the ShinyHunters cyber '
                'extortion group, resulting in the compromise of approximately '
                '900,000 customer records. The breach occurred when a single '
                'employee’s account was breached for roughly one hour before '
                'detection. The exposed records primarily contained names and '
                'email addresses from a marketing tool inherited through a '
                '2021 acquisition. ShinyHunters claimed to have stolen 12GB of '
                'data, including PII and internal corporate records, and '
                'published it online after Aura failed to negotiate.',
 'impact': {'data_compromised': '900,000 records',
            'identity_theft_risk': 'Limited (no SSNs, passwords, or financial '
                                   'data exposed for most records)',
            'payment_information_risk': 'None',
            'systems_affected': 'Marketing tool (inherited via 2021 '
                                'acquisition)'},
 'initial_access_broker': {'entry_point': 'Single employee account'},
 'motivation': 'Cyber Extortion',
 'post_incident_analysis': {'root_causes': 'Phishing attack leading to account '
                                           'compromise'},
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'source': 'ShinyHunters darknet leak site'}],
 'response': {'containment_measures': 'Terminated access to breached account',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'External cybersecurity and legal '
                                        'experts'},
 'threat_actor': 'ShinyHunters',
 'title': 'Aura Discloses Phishing Attack Linked to ShinyHunters, Exposing '
          'Nearly 1M Records',
 'type': 'Phishing Attack'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.