Aura confirms data breach exposing 900k marketing contacts

bleepingcomputer.com · 01-_- · 4 days ago · view on HN · threat
0 net
Tags
info-disclosure malware microsoft node phishing
Aura confirms data breach exposing 900,000 marketing contacts Home News Security Aura confirms data breach exposing 900,000 marketing contacts Aura confirms data breach exposing 900,000 marketing contacts By Bill Toulas March 18, 2026 06:56 PM 0 Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 records containing names and email addresses. The company states that the incident was caused by a voice phishing attack targeting an employee, which exposed the sensitive data of 20,000 current and 15,000 former customers. In a communication this week, Aura states that the data originated from a marketing tool used by a company acquired by Aura in 2021, which exposed limited information. Aura is a consumer digital safety firm that sells identity theft protection, credit and fraud monitoring, and online security tools for phishing protection, positioning itself as an all-in-one service for online protection. Earlier this week, the threat group ShinyHunters claimed the attack on their data extortion site, stating that they stole 12GB of files containing personally identifiable information (PII) on customers, as well as corporate data. The threat actor leaked the stolen files, saying that the company “failed to reach an agreement with them despite all the chances and offers” they made. Leaked Aura data on the ShinyHunters site Source: BleepingComputer According to Aura, the compromised customer information includes full names, email addresses, home addresses, and phone numbers. The company emphasizes that Social Security Numbers (SSNs), account passwords, and financial information were not compromised. The Have I Been Pwned (HIBP) service analyzed the leaked data and added it to its database , noting that customer service comments and IP addresses were also exposed. HIBP also stated that 90% of the email addresses exposed in this incident were already present in its database from past security incidents. BleepingComputer has asked Aura about the discrepancy between HIBP reporting a little over 901,000 affected accounts, and the company said that their figure was accurate. This is explained by the fact that the data collected through the marketing tool was inherited when acquiring the company in 2021. However, the database contained only 35,000 Aura customers. The company declined to comment further on ShinyHunters’ claims or the alleged Okta SSO compromise. Currently, Aura is conducting an in-depth internal review in partnership with external cybersecurity experts and has confirmed to BleepingComputer that they have also informed law enforcement authorities. Aura told us that it will soon send personalized notifications to all affected individuals. Update [March 19]: Article edited to reflect that the 900,000 records were not associated with Aura customers, but were part of a marketing contact list that had been shared with a company acquired by Aura in 2021. Red Report 2026: Why Ransomware Encryption Dropped 38% Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight. Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded. Download The Report Related Articles: Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match CarGurus data breach exposes information of 12.4 million accounts Data breach at fintech firm Figure affects nearly 1 million accounts Eurail says stolen traveler data now up for sale on dark web Canadian retail giant Loblaw notifies customers of data breach Aura Customer Data Data Breach Data Leak ShinyHunters Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories Stryker attack wiped tens of thousands of devices, no malware needed Microsoft Exchange Online outage blocks access to mailboxes GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX Sponsor Posts Uncover shadow AI apps, users, and risky data sharing. Get started in 5 min. Are refund fraud methods targeting your brand? You can monitor the underground for these threats. Secure your AI agents without sacrificing speed. Cut VMware migration time by 60% with Acronis—move workloads faster, with less downtime. Overdue a password health-check? Audit your Active Directory for free Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT
← Back to stories