Overview
- Aura reports roughly 900,000 records were accessed, largely names and emails tied to a marketing tool from a 2021 acquisition.
- A targeted voice-phishing call let an intruder into one employee account for about an hour before access was terminated.
- About 20,000 active customers and 15,000 former customers had additional details such as addresses or phone numbers included.
- Aura says no Social Security numbers, passwords, or financial information were exposed, and it has engaged external experts, notified law enforcement, and is preparing notifications to affected people.
- ShinyHunters published the stolen data after failed extortion attempts, and Have I Been Pwned added the breach to its database, noting 90% of exposed emails were already known from prior incidents.