Protect more than your identity

Install Norton 360 with LifeLock for a powerful combination of identity monitoring and device security.

Aura data breach: What happened and how to respond

Aura, an identity theft protection provider, has disclosed a data breach involving almost 900,000 records containing personal information. Here’s a clear overview of what’s been reported so far, how it could affect those impacted, and the steps you can take to strengthen your digital security and reduce identity risks.

What happened in the Aura data breach?

An unauthorized third party gained access to a dataset containing roughly 900,000 records of personal information held by Aura, a provider of identity theft protection services. The breach reportedly occurred after an Aura employee fell victim to a voice phishing (vishing) attack.

Reporting from BleepingComputer indicates that ShinyHunters, a cybercriminal group, is taking credit for the incident, claiming it exfiltrated approximately 12GB of data, including personally identifiable information (PII) and corporate data.

Aura has stated that most of the exposed data came from a marketing tool it acquired in 2021 and primarily included names and email addresses. However, the company also confirmed that more detailed contact information — such as names, email addresses, phone numbers, and physical addresses — was exposed for up to 35,000 current and former customers. Analysis by Have I Been Pwned suggests that some IP addresses and customer service notes have been breached as well.

Any service, especially one that sells identity theft protection, must treat the protection of customer data as paramount. And although Aura says that Social Security numbers, passwords, and financial details were not involved, the exposure of contact information can still create real risk. With this type of data, scammers can craft highly convincing phishing and social engineering attacks, targeting victims with messages that appear legitimate to trick them into revealing sensitive information or sending money.

What data was exposed?

Early reports indicate that the breach primarily exposed basic contact information tied to approximately 900,000 unique email addresses.

Aura also confirmed that a smaller group — around 20,000 current customers and 15,000 former customers — had more detailed contact data compromised. This included home addresses and phone numbers.

By themselves, these details may not seem like much. But when they end up in the hands of cybercriminals, they can still be abused. And the risks for those affected are real. When attackers can link a name to accurate contact information, they can create highly personalized phishing emails or scam calls that feel legitimate, making them harder to spot.

Moreover, information from multiple data breaches can sometimes be combined, allowing threat actors to build richer profiles on potential victims and increase their chances of success.

What caused the Aura data breach?

Available reporting suggests the breach began when the ShinyHunters hacker group launched a vishing attack aimed at an Aura employee. By posing as a trusted party over the phone, the attacker was apparently able to manipulate the employee into providing access for around one hour — either by sharing credentials or approving a request tied to internal systems.

This approach reflects broader trends in cybercrime. Rather than breaking through technical defenses, attackers often focus on human error, using so-called “scam yourself” tactics to gain an initial foothold before moving laterally and extracting data.

How has Aura responded?

After detecting the unauthorized access, Aura says it moved to contain the incident and prevent further exposure. The company initiated its internal response procedures, brought in external cybersecurity specialists to investigate, and notified law enforcement.

Aura has also begun contacting individuals who may have been affected, providing information about the breach and guidance on what steps to take next.

What to do if you were impacted by the Aura breach

If your information was exposed in the Aura data breach, it’s important to stay alert for suspicious messages that might be phishing attacks, update your passwords, enable two-factor authentication, and consider using a trusted cybersecurity and identity theft protection solution to monitor for ongoing risks.

Here’s a closer look at the steps to take after a data breach to help mitigate the impact:

  • Stay alert to unexpected messages: Be wary of emails, texts, or phone calls you didn’t initiate. Scammers may reference Aura or use your full name to appear credible. If anything feels off, avoid sharing more personal details, don’t send money, and end the interaction.
  • Avoid suspicious links and attachments: Messages from unknown or unverified sources may contain malicious links or files. Clicking them could expose your device to malware or harmful sites designed to steal your information.
  • Update your passwords: If your email address was exposed, it could be used in credential-stuffing attacks. Use strong, unique passwords for each account and consider a password manager to keep track of them securely.
  • Enable two-factor authentication (2FA): Adding a second layer of verification can help protect your accounts, even if your login credentials are compromised. Remember that authentication apps are generally more secure than SMS-based codes.
  • Monitor your financial and online accounts: Keep an eye out for unusual transactions, login attempts, or changes to your accounts. Early detection can limit the fallout in the event of identity theft or fraud.
  • Consider placing a credit freeze: Restricting access to your credit file can help prevent unauthorized accounts from being opened in your name. It’s a strong precaution if you’re concerned about identity misuse.
  • Use comprehensive protection tools: Combining good digital hygiene with reliable cybersecurity tools will keep your data and identity safer. Solutions like Norton 360 with LifeLock can help alert you to suspicious account activity, provide device-level protection, and support you with restoration coverage if you ever fall victim.

Protect your identity, devices, and finances

When your personal data is exposed, acting quickly can make all the difference. Norton 360 with LifeLock empowers you to fight identity threats. It provides continuous monitoring, notifications about suspicious activity involving your credit and personal data, dedicated restoration specialists if your identity is compromised, and up to $3 million in financial coverage if your identity is stolen.

All this is built on top of Norton’s award-winning security engine, which helps safeguard your devices and online activity. With real-time malware protection, a built-in VPN, and a tool kit of advanced scam protection features, Norton 360 with LifeLock helps reduce your exposure to the scams and attacks that often follow data breaches.

Oliver Buxton
Oliver Buxton, a staff editor for Norton, specializes in advanced persistent threats. His work on cyberterrorism has appeared in The Times, and his prior work includes writing digital safeguarding policies.

Editors' note: Our articles offer educational information and are written to raise awareness about important topics in Cyber Safety. Norton products and services may not protect against every type of threat, fraud, or crime we write about. For more details about how we research, write, and review our articles, see our Editorial Policy.

