Aura Suffers Data Breach After Employee Falls Victim to Voice Phishing Attack
Aura, an online safety and identity protection provider, disclosed a data breach affecting approximately 900,000 records after a targeted voice phishing (vishing) attack compromised an employee’s account. The incident, which occurred when an unauthorized third party gained access for roughly an hour, was detected and contained quickly, with Aura revoking access, activating its incident response plan, and engaging external cybersecurity and legal experts.
The majority of the exposed records, primarily names and email addresses, were stored in a marketing tool linked to a company Aura acquired in 2021. However, the breach also included contact details (names, emails, home addresses, and phone numbers) for fewer than 20,000 active customers and 15,000 former customers. Aura confirmed that sensitive data, such as Social Security numbers, passwords, and financial information, was not accessed.
The breach gained attention after the ShinyHunters threat group advertised the stolen data, claiming it included personally identifiable information (PII) and internal corporate material. ShinyHunters alleged the attack exploited an Okta single sign-on (SSO) vulnerability. Meanwhile, Have I Been Pwned (HIBP) added the incident to its database, reporting that the leaked data, affecting 903,100 accounts, also included IP addresses and customer service notes. HIBP noted that about 90% of the records were already circulating from prior breaches.
Aura is notifying affected individuals and offering support, though the company emphasized that its core sensitive data stores remained secure. The incident underscores the risks of social engineering attacks, even for firms specializing in cybersecurity.
Source: https://cyberinsider.com/identity-protection-firm-aura-suffers-data-breach-exposing-900000-records/
TAURA Consultoria e Representações cybersecurity rating report: https://www.rankiteo.com/company/taura
"id": "TAU1773845367",
"linkid": "taura",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '903,100 (including 20,000 '
                                              'active and 15,000 former '
                                              'customers)',
                        'industry': 'Online Safety and Identity Protection',
                        'name': 'Aura',
                        'type': 'Company'}],
 'attack_vector': 'Voice Phishing (Vishing)',
 'customer_advisories': 'Notifying affected individuals, offering support',
 'data_breach': {'data_exfiltration': 'Yes (advertised by ShinyHunters)',
                 'number_of_records_exposed': '903,100',
                 'personally_identifiable_information': 'Yes (Names, emails, '
                                                        'addresses, phone '
                                                        'numbers)',
                 'sensitivity_of_data': 'Low to Moderate (No SSNs, passwords, '
                                        'or financial data)',
                 'type_of_data_compromised': ['Names',
                                              'Email addresses',
                                              'Home addresses',
                                              'Phone numbers',
                                              'IP addresses',
                                              'Customer service notes']},
 'description': 'Aura, an online safety and identity protection provider, '
                'disclosed a data breach affecting approximately 900,000 '
                'records after a targeted voice phishing (vishing) attack '
                'compromised an employee’s account. The unauthorized access '
                'lasted roughly an hour before being detected and contained. '
                'The breach included names, email addresses, and contact '
                'details for some customers, but sensitive data like Social '
                'Security numbers, passwords, and financial information was '
                'not accessed.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': '903,100 records',
            'identity_theft_risk': 'Limited (PII exposed but no SSNs or '
                                   'financial data)',
            'operational_impact': 'Incident response plan activated, external '
                                  'experts engaged',
            'payment_information_risk': 'No',
            'systems_affected': 'Marketing tool linked to an acquired company'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (advertised by '
                                                    'ShinyHunters)',
                           'entry_point': 'Employee account via voice '
                                          'phishing'},
 'investigation_status': 'Contained, ongoing analysis',
 'lessons_learned': 'Risks of social engineering attacks persist even for '
                    'cybersecurity-focused firms; importance of rapid incident '
                    'response and containment.',
 'motivation': 'Data Theft for Sale on Dark Web',
 'post_incident_analysis': {'root_causes': 'Employee compromise via voice '
                                           'phishing, potential Okta SSO '
                                           'vulnerability'},
 'references': [{'source': 'Have I Been Pwned (HIBP)'}],
 'response': {'communication_strategy': 'Notifying affected individuals, '
                                        'offering support',
              'containment_measures': 'Access revoked, unauthorized session '
                                      'terminated',
              'incident_response_plan_activated': 'Yes',
              'third_party_assistance': 'External cybersecurity and legal '
                                        'experts'},
 'threat_actor': 'ShinyHunters',
 'title': 'Aura Data Breach After Employee Falls Victim to Voice Phishing '
          'Attack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Social Engineering (Employee Compromise)'}