Aura data breach: What happened and how to stay protected

What happened in the Aura data breach?

An unauthorized third party gained access to a dataset containing around 900,000 records of personal information after accessing the account of an Aura employee in a targeted voice phishing (vishing) campaign.

According to reporting from BleepingComputer, the hacking group ShinyHunters has claimed responsibility for the breach, saying they stole “12GB of files containing personally identifiable information (PII) on customers, as well as corporate data.”

In its statement on the incident, Aura said the majority of compromised records were names and email addresses in a marketing tool the company acquired in 2021. Aura acknowledged that contact details — including the names, emails, phone numbers, and physical addresses — of up to 35,000 current and former Aura customers were also exposed.

While Aura has claimed that “no Social Security numbers, passwords, or financial information were compromised,” anyone whose contact information was exposed may be at increased risk of sophisticated, targeted phishing and social engineering scams, including  malicious emails, texts, or calls that look and sound legitimate but aim to steal your money or identity.

As PCMag notes, “the breach is ironic considering Aura — which has over 1 million customers — sells services to protect users from identity theft and scams.”

What data was exposed?

According to early reports, the 900,000 compromised records included:

• Names.
• Email addresses.

Based on Aura’s disclosure, some individuals impacted — up to 20,000 active Aura customers and 15,000 former customers — had additional contact details exposed, including:

• Physical home addresses.
• Phone numbers.

While this type of information is not considered highly sensitive on its own, it can be particularly useful to attackers. If a scammer knows the name associated with a set of contact details, they can craft more convincing phishing emails, texts, or phone calls that appear legitimate and personalized, making them harder to detect. And the exposed personal information can be combined with other leaked data, giving hackers more opportunities to carry out attacks.

What data was not exposed?

According to Aura, the databases supporting its identity theft protection services were not accessed in the data breach, and the information exposed does not include:

• Social Security numbers.
• Financial account information.
• Passwords or login credentials.

While that limits the direct risk of account takeovers, the stolen information can still be used in targeted phishing, fraud, and social engineering campaigns.

What caused the Aura data breach?

Based on reports, ShinyHunters, the hacker group claiming responsibility for the breach, targeted an Aura employee with a phone-based phishing attack, tricking them into revealing account credentials or granting access to restricted data.

This is a common cybercrime tactic: attackers bypass technical defenses by exploiting human trust, then move into other systems to extract sensitive information.

How did Aura respond?

Aura responded to the breach by closing the unauthorized access after it was identified and activating its incident response process. The company has also said that it has engaged external cybersecurity experts, contacted law enforcement, and begun notifying affected individuals.

What to do if you were impacted by the Aura breach

If your data was compromised in the Aura data breach, you should be wary of unsolicited communication, change your passwords, set up two-factor authentication, and consider using an alternative identity theft protection service to monitor future threats.

Any personally identifiable information in the hands of bad actors can increase your risk of experiencing targeted phishing or social engineering attacks. And if the info is combined with data from other leaks, the risks escalate.

Here’s a more detailed look at what you should do after a data breach to defend against follow-up risks:

• Be cautious of unsolicited contact: Look out for emails, texts, or phone calls you weren’t expecting. Attackers may know your name, use urgent language, or reference Aura or other services. Don’t give away any personal information or make a payment. If you're suspicious, cut contact immediately.
• Don’t click unknown links: If you receive emails, texts, or social media messages containing links or attachments from people you don’t know and trust, ignore them and don’t click any links or download attachments. If you do, your device could be infected with malware.
• Change your passwords: Attackers can combine exposed email addresses with previously leaked passwords to carry out further attacks. Make sure all of your online accounts have strong, unique passwords.
• Set up two-factor authentication: For an added layer of account security, enable two-factor authentication on all your sensitive online accounts. This will help stop hackers from accessing your accounts even if they have your login credentials, as they will also need a code sent to your phone, email address, or authentication app.
• Monitor your accounts: Look out for suspicious activity on your financial accounts, credit reports, and online accounts. Attackers may combine breached data with information from the dark web to commit fraud, and early detection is key.
• Consider freezing your credit: A credit freeze, which restricts access to your credit files and stops creditors from approving new lines of credit, can be a sensible precautionary step. It can help protect against credit fraud if you fall victim to a follow-up scam that grants an attacker access to more sensitive information.
• Get reliable identity theft protection: There are alternatives to Aura that can help you monitor your credit, financial accounts, and the dark web, making it easier to spot data exposure or follow-up attacks. You’ll also get identity theft restoration support and reimbursement coverage to help protect against the potential financial fallout.

Protect your identity and finances with LifeLock

It might seem like data breaches are happening all the time, but that doesn’t make them any less dangerous.

LifeLock is a reliable identity theft protection service with more than 13,000 customer reviews and a 4.9 rating on Trustpilot. Subscribers get credit monitoring, dark web monitoring, alerts if suspicious financial account activity is detected, and up to $3M in identity theft reimbursement coverage.

Plus, a LifeLock membership includes an automatic data broker removal service and up to $10,000 in scam reimbursement coverage.