Aura customer data exposed in voice phishing attack

March 19, 2026

(Adobe Stock)

As reported by Bleeping Computer, identity protection company Aura has confirmed a data breach affecting nearly 900,000 customer records, primarily containing names and email addresses. The incident stemmed from a voice phishing attack that compromised an employee's credentials.

The breach involved data originating from a marketing tool acquired by Aura in 2021. The threat group ShinyHunters claimed responsibility, stating they stole 12GB of files. Aura confirmed that the exposed information includes names, email addresses, home addresses, and phone numbers for 20,000 current and 15,000 former customers. However, the company asserts that sensitive data such as Social Security Numbers, account passwords, and financial information were not accessed. The Have I Been Pwned service noted that 90% of the exposed email addresses were already in its database from previous incidents.

Aura is conducting an internal review with cybersecurity experts and has notified law enforcement. Affected individuals will receive personalized notifications.

Source: Bleeping Computer

SC Staff

Oracle Corporation location. Oracle offers technology and cloud based solutions II

Data Security

ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks

SC StaffJune 10, 2026

The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a "gadget chain," to target both cloud and on-premises Oracle PeopleSoft instances.

Data Security