Overview
- An attacker used a targeted phone phishing scam to access an Aura employee account for about one hour before the company cut access and activated its incident response with law enforcement notified.
- About 900,000 records were accessed, largely names and email addresses tied to a marketing tool inherited from a 2021 acquisition.
- Aura estimates fewer than 20,000 active customers and fewer than 15,000 former customers are included within the exposed contacts.
- Have I Been Pwned added the leak to its database and reported that IP addresses, home addresses, phone numbers and customer service comments also appear in the data, with 90% of emails already known from prior breaches.
- ShinyHunters claimed responsibility and published roughly 12GB of files after saying talks failed, while HIBP’s slightly higher count contrasts with Aura’s figure, which the company attributes to the inherited marketing database.