Identity protection company Aura confirmed a data breach initiated by a voice phishing attack targeting an employee. The threat group ShinyHunters exfiltrated 12GB of files from a legacy marketing tool, exposing nearly 900,000 customer records. The data was subsequently leaked on ShinyHunters' extortion site after negotiations failed.
Initial Access
Voice Phishing Lure
confirmed
An unauthorized party initiated a voice phishing attack, specifically targeting an employee of Aura.
Defender cut points
Employee security awareness training focused on vishing attacksImplement robust call verification protocols for sensitive requests
