Thousands of Australians have had their bank login details stolen and sold on the dark web. A cybersecurity firm, Dvuln, found over 30,000 sets of credentials from the country’s four biggest banks: Commonwealth Bank, ANZ, NAB, and Westpac. The data was collected using malware on personal devices.
The malware, known as an infostealer, installs itself on a device without the user's knowledge and steals sensitive information. KELA, a cybersecurity intelligence firm, estimates that over 3.9 billion passwords have been stolen worldwide using this type of malware.
How the Data Was Stolen
The stolen data includes login details from:
- 14,000 Commonwealth Bank customers
- 7,000 ANZ customers
- 5,000 NAB customers
- 4,000 Westpac customers
The data was collected over at least four years. Dvuln says the banks weren’t directly hacked. Instead, individual devices were infected with malware.
A Global Problem
This isn’t just an Australian problem. Cybersecurity experts say people worldwide are at risk. The stolen data is often traded on private channels, making it hard to track. This means the actual number of people affected could be much higher.
Dvuln and KELA are calling for a coordinated effort to tackle the issue. They say the responsibility lies not only with individuals protecting themselves, but also with software developers, governments, and financial institutions.
Protecting Yourself
To stay safe, experts recommend:
- Keeping your devices and software up to date
- Using two-factor authentication (2FA)
- Avoiding apps from untrusted sources
The affected banks have told customers to check their devices and change their passwords. While the stolen data has already been circulated, early detection and user education can help reduce the impact.
In the long run, experts say a more comprehensive approach is needed to combat this type of fraud. This includes better cybersecurity measures from financial institutions, governments, and software developers.