GoKawiilIdentity protection company Aura has confirmed that an authorized party gained access to nearly 900,000 customer records containing names and email addresses.
The company states that the incident was caused by a voice phishing attack targeting an employee, which exposed the sensitive data of 20,000 current and 15,000 former customers.
In a communication this week, Aura states that the data originated from a marketing tool used by a company acquired by Aura in 2021, which exposed limited information.
Aura is a consumer digital safety firm that sells identity theft protection, credit and fraud monitoring, and online security tools for phishing protection, positioning itself as an all-in-one service for online protection.
Earlier this week, the threat group ShinyHunters claimed the attack on their data extortion site, stating that they stole 12GB of files containing personally identifiable information (PII) on customers, as well as corporate data.
The threat actor leaked the stolen files, saying that the company “failed to reach an agreement with them despite all the chances and offers” they made.
Leaked Aura data on the ShinyHunters site
Source: BleepingComputer
According to Aura, the compromised customer information includes full names, email addresses, home addresses, and phone numbers. The company emphasizes that Social Security Numbers (SSNs), account passwords, and financial information were not compromised.
The Have I Been Pwned (HIBP) service analyzed the leaked data and added it to its database, noting that customer service comments and IP addresses were also exposed. HIBP also stated that 90% of the email addresses exposed in this incident were already present in its database from past security incidents.
... continue reading