Security Breach: Aura Exposes 900,000 Marketing Contacts’ Data

Aura Confirms Data Breach Exposing 900,000 Marketing Contacts

Aura, a company specializing in identity protection, has acknowledged a security breach where unauthorized individuals gained access to approximately 900,000 customer records containing names and email addresses.

The breach was attributed to a voice phishing attack that targeted an employee, resulting in the exposure of sensitive data belonging to 20,000 current customers and 15,000 former customers.

According to Aura, the breach stemmed from a marketing tool utilized by a company that Aura acquired in 2021, leading to the exposure of limited information.

As a consumer digital safety firm, Aura offers services such as identity theft protection, credit and fraud monitoring, and online security tools for phishing protection, positioning itself as a comprehensive online protection provider.

Recently, the threat group known as ShinyHunters claimed responsibility for the breach on their data extortion site, stating that they had accessed 12GB of files containing personally identifiable information (PII) of customers, as well as corporate data.

Customer information compromised in the breach includes full names, email addresses, home addresses, and phone numbers. However, Aura reassures that Social Security Numbers (SSNs), account passwords, and financial data were not compromised.

The Have I Been Pwned (HIBP) service analyzed the leaked data, noting that customer service comments and IP addresses were also exposed. HIBP highlighted that a significant portion of the email addresses exposed had been previously involved in security incidents.

When questioned about the number of affected accounts, Aura clarified that the figure reported by HIBP was accurate. The discrepancy was explained by the data inherited through the acquisition of the company in 2021, which only included 35,000 Aura customers.

Currently, Aura is conducting a thorough internal review in collaboration with external cybersecurity experts and has alerted law enforcement agencies regarding the breach.

Aura has stated its intention to send personalized notifications to all impacted individuals in the near future.

Malware is becoming more sophisticated. The Red Report 2026 delves into how new threats leverage mathematics to evade detection and camouflage themselves.

Gain insights from our analysis of 1.1 million malicious samples to uncover the top 10 techniques and assess the effectiveness of your security measures.

Download The Report