Scam protection company Aura just got scammed: 900,000 records stolen


A company promising to protect you from scams just got scammed itself. Over 900,000 records are now floating on the dark web after attackers dropped an entire dataset.

Identity protection firm Aura has admitted to a data security incident and begun notifying affected customers after a company employee was targeted in a phone-based phishing attack.

That an employee fell for a phishing scam is paradoxical: Aura has over a million customers and sells services to protect users from identity theft and scams. The company reports $300 million in annual revenue.

In its security notice, the Boston-based company claims that the attacker had access to the internal systems for approximately an hour before the intrusion was detected and terminated.

“We can confirm that the unauthorized party was able to access approximately 900,000 records, the vast majority of which consist of names and email addresses from a marketing tool used by a company Aura acquired in 2021,” the company said in the statement.

Aura says that the breach affected around 20,000 active customers and 15,000 former customers. The company says that Social Security numbers, passwords, and financial information were not compromised, claiming that sensitive data is “encrypted and access is highly restricted.”

Screenshot of leaked data. Source: Cybernews

Who breached Aura?

The threat actor behind the attack is likely to be ShinyHunters. The notorious gang just dropped 12GB of data allegedly belonging to Aura on its leak site on the dark net.

“The company failed to reach an agreement with us despite all the chances and offers we made. They don't care,” the gang wrote in its post.

Cybernews researchers investigated the leaked data and found that the dataset contained more than 900,000 records.

“Most of the records look like internal company data, which exposes intellectual property,” our research team said.

“Also, it reveals how the company operates, which allows malicious actors to accurately evaluate possible attack surfaces. Customers are at risk of fraud and social engineering attacks,” they added.

What Aura data has been leaked already?

  • Internal company files, such as confidential employee documents (which include employee PII and job details) and product reviews for potential investors
  • Multiple documents with customer lists, including full names, email addresses, home addresses, phone numbers, and marketing flags
  • Logs of customer support conversations, referencing specific employees who worked on an issue, a general description, and categories of the problem
  • Documents with marketing campaigns
  • Documents that reference internal operational company policies
  • Full-length company meeting recordings
  • New employee onboarding guidelines

Who has ShinyHunters breached before?

While ShinyHunters has been active since 2020, it has recently caused chaos after breaching Dutch telecom provider Odido. A compromise of its customer relationship management system left nearly 7 million customers exposed, which is nearly a third of the country's population. After negotiations failed, the attackers leaked the stolen data online.

Starting this year, ShinyHunters reportedly ran an active voice phishing campaign to steal single sign-on (SSO) credentials for Okta, Microsoft, and Google accounts.

Screenshot of leaked data. Source: Cybernews

In February, the gang leaked stolen data of two heavyweight US investment advisory firms – Mercer Advisors and Beacon Pointe Advisors.

A potential data breach at Waltio, a prominent French cryptocurrency tax filing platform, was also attributed to ShinyHunters, which the hackers controversially linked to kidnapping cases in France.

The gang has also claimed breaches at Bumble, Match Group (which operates the Hinge, Match, and OkCupid services), and Panera Bread.

It also targeted the private company intelligence platform Crunchbase. According to the company, the threat actor exfiltrated “certain documents” from its corporate network.

All this, and it’s only March. ShinyHunters is pushing harder on attacks, indicating that the previous arrests of four gang members in France, as well as the takedown of an English-language underground forum known as BreachForums, which is managed by the gang, have not had a significant impact on its illicit operations.
