160/69 Friday, March 20, 2026
Aura, a provider of digital security and identity protection services, has confirmed a major data breach after the cybercrime group ShinyHunters publicly released approximately 12GB of data following failed negotiations. The leaked dataset contains more than 900,000 records, which Aura stated are primarily marketing-related data inherited from a company it acquired in 2021. Among these, approximately 35,000 records belong directly to Aura customers, including 20,000 current users and 15,000 former customers.
The investigation revealed that the breach originated from a voice phishing (vishing) attack targeting company employees, tricking them into disclosing credentials that enabled unauthorized access to internal systems and customer databases. The exposed data includes full names, email addresses, physical addresses, and phone numbers. While Aura confirmed that passwords, national ID numbers, and financial data were not compromised, Have I Been Pwned (HIBP) reported that the leak also includes customer service chat logs and IP addresses, which could be leveraged for further cyberattacks.
Aura is currently conducting a detailed investigation in collaboration with external cybersecurity experts and has notified relevant law enforcement authorities. The company plans to notify all affected individuals in the near future. According to HIBP, over 90% of the leaked email addresses had previously appeared in other data breaches. Nevertheless, users are strongly advised to remain vigilant against suspicious communications-whether via phone or email-and to enable multi-factor authentication (2FA) to enhance the security of their accounts across all platforms.