Everything is online these days, which means that all it takes is for a data breach for our personal and private details to make their way onto the internet. Unfortunately, that was what happened with the identity protection company, Aura, which recently confirmed a data breach that exposed customer records.
Aura data breach exposes customer records
Aura has confirmed a data breach that resulted in customer records being exposed. To be more specific, about 900,000 records were revealed containing names and email addresses.
In a press release on its website, the firm says, “Aura is aware of an incident where one of our employees was the victim of a targeted phone phishing attack. We identified that an unauthorized third party gained access to that employee’s account for approximately one hour. Upon discovery, Aura immediately terminated access to the account and activated its incident response plan, engaged external cybersecurity and legal experts, and notified law enforcement.”
So, who was behind the attack? A group called ShinyHunters has claimed responsibility for it. The group claimed that they tried to negotiate with Aura but “failed to reach an agreement.” This resulted in the stolen files being leaked. For those wondering why the name sounds familiar, it is because ShinyHunters were behind other data breaches like AT&T and Salesforce.
But it’s not all bad news
Now, this data breach sounds concerning. 900,000 records is a pretty big number, but it isn’t as bad as you might think. According to an update from Aura, they claimed that the records are from marketing lists. It came from a contact list from a company that Aura acquired five years ago.
The company also says that the breach did not leak any sensitive information. “As our investigation into this security incident has progressed, we can confirm that no database supporting the Aura identity theft protection application was accessed in any way. No sensitive information provided by customers to Aura for monitoring purposes—such as Social Security numbers, financial information, credit records, or passwords—was compromised.”
Still, it doesn’t mean you shouldn’t do anything about it. Names and email addresses are really all you need to put together phishing attacks. So, if you have used Aura or have been involved with the company, you might want to stay extra vigilant. Especially when it comes to calls, messages, or emails.
The post The Irony Is Rich: An Identity Protection Company Just Had Its Customer Records Stolen appeared first on Android Headlines.
