AUS
NZ
UK
CA
USA
FRA
GER
ESP
ITA
NLD
PRT
SWE
GRC
IND
POL
BRA
ZAF
RUS
CHN
UAE
Highlights
- Over 31,000 banking credentials exposed online
- Malware linked to widespread financial data theft
- Cybercrime syndicates thriving on dark web trade
A new cybersecurity audit has uncovered a massive wave of credential theft affecting Australian banks, revealing that over 31,000 banking passwords have been stolen and traded online. This data breach affects customers of the country’s major financial institutions — including Commonwealth Bank (ASX:CBA), ANZ Group (ASX:ANZ), National Australia Bank (ASX:NAB), and Westpac Banking Corporation (ASX:WBC).
The data breach stems from the spread of “infostealer” malware — malicious software designed to infiltrate devices and extract sensitive data such as banking credentials, credit card numbers, and even cryptocurrency wallet information. These digital threats have largely impacted Windows devices, but recent cases have shown a growing presence on mobile systems as well.
The audit disclosed that 14,000 credentials were linked to Commonwealth Bank, 7,000 to ANZ, 5,000 to NAB, and 4,000 to Westpac. Many of these stolen credentials were harvested as far back as 2021, yet they remain highly sought after by cybercriminals. The persistence of this threat is partly due to the reuse of outdated passwords and the exploitation of browser cookies and authentication tokens that can bypass security layers.
This form of theft has been dubbed a “silent heist” — a subtle but large-scale attack on personal finance. Even though multi-factor authentication and password changes are encouraged, they may fall short if the underlying device remains compromised.
Cybercriminal networks have turned this illicit trade into a full-fledged ecosystem. Credentials are not just being sold individually but are offered in bulk packages and subscription models on encrypted platforms like Telegram. Some criminals even offer lifetime access to stolen credentials for thousands of dollars, capitalising on the continuous supply of breached data.
Globally, the numbers are staggering. More than 31 million devices have been compromised worldwide, including 58,000 in Australia alone. The trade of sensitive data continues to expand across forums and dark web marketplaces.
Experts stress the importance of regular software updates, antivirus protection, and cautious downloading habits. Avoiding pirated applications and using secure devices for financial transactions are essential steps to mitigate the risk.
Authorities remain vigilant as cybercrime grows in sophistication and scale, threatening the security of individual users and the broader financial ecosystem.
Would you like this article prepared for publishing or converted into a visual format like an infographic?
