Aura Confirms Data Breach Affecting Nearly 900,000 Records After Vishing Attack
Aura, a digital security provider, disclosed a data breach exposing nearly 900,000 records following a voice phishing (vishing) attack targeting an employee. The incident stemmed from a marketing platform acquired in 2021, rather than Aura’s core account systems.
The compromised data included full names, email addresses, home addresses, and phone numbers, impacting approximately 20,000 current and 15,000 former customers. A larger pool of marketing contacts was also exposed. Notably, Social Security numbers, passwords, and financial details were not accessed, reducing the risk of immediate account takeovers. However, the stolen contact information could fuel follow-up phishing, impersonation, or fraud campaigns.
The breach gained attention after the threat group ShinyHunters claimed responsibility, listing Aura on its extortion site and alleging the theft of 12GB of files containing customer and internal corporate data. While Aura confirmed the breach, it has not verified all of ShinyHunters’ claims, including broader allegations about single sign-on access. Data breach monitoring services later reported a leaked CRM dataset with over 900,000 email records, some of which had appeared in prior breaches. The exposed data may also include IP addresses and customer service notes.
Aura is collaborating with external cybersecurity experts, has notified law enforcement, and plans to contact affected individuals directly. The incident underscores the risks associated with inherited systems from mergers and acquisitions, as well as the persistent threat of phishing-led compromises leading to extortion and data leaks. The breach has been added to Have I Been Pwned, allowing users to check if their information was exposed.
Source: https://www.bitdefender.com/en-us/blog/hotforsecurity/aura-data-breach
Aura Event & Experiences cybersecurity rating report: https://www.rankiteo.com/company/aura
{
  "id": "AUR1773923568",
  "linkid": "aura",
  "type": "Breach",
  "date": "1/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '20,000 current and 15,000 '
                                              'former customers, plus '
                                              'marketing contacts',
                        'industry': 'Cybersecurity',
                        'name': 'Aura',
                        'type': 'Digital Security Provider'}],
 'attack_vector': 'Vishing (Voice Phishing)',
 'customer_advisories': 'Direct notifications planned',
 'data_breach': {'data_exfiltration': 'Alleged 12GB of files (customer and '
                                      'internal corporate data)',
                 'number_of_records_exposed': 'Nearly 900,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Moderate (PII, but no SSNs, '
                                        'passwords, or financial details)',
                 'type_of_data_compromised': ['Full names',
                                              'Email addresses',
                                              'Home addresses',
                                              'Phone numbers',
                                              'IP addresses',
                                              'Customer service notes']},
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Nearly 900,000 records',
            'identity_theft_risk': 'Potential (phishing, impersonation, fraud)',
            'payment_information_risk': 'No',
            'systems_affected': 'Marketing platform (acquired in 2021)'},
 'initial_access_broker': {'entry_point': 'Employee targeted via vishing'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Risks associated with inherited systems from mergers and '
                    'acquisitions, persistent threat of phishing-led '
                    'compromises leading to extortion and data leaks',
 'motivation': 'Extortion, Data Theft',
 'post_incident_analysis': {'root_causes': 'Vishing attack on employee, '
                                           'inherited marketing platform '
                                           'vulnerabilities'},
 'ransomware': {'data_exfiltration': 'Alleged'},
 'references': [{'source': 'Have I Been Pwned'}],
 'response': {'communication_strategy': 'Direct notifications to affected '
                                        'individuals, added to Have I Been '
                                        'Pwned',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'External cybersecurity experts'},
 'threat_actor': 'ShinyHunters',
 'title': 'Aura Confirms Data Breach Affecting Nearly 900,000 Records After '
          'Vishing Attack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Employee targeted via vishing'}