Skip to content

Over 30,000 Australian banking credentials stolen

  • by
  • 2 min read

Security researchers have discovered that over 30,000 Australians have lost their banking credentials to infostealers. The figure came to light after researchers analysed infostealer logs between 2021 and 2025, identifying customer credentials for four major Australian banks.

Penetration testing firm Dvuln claims that there has been a constant rise in the number of stolen credentials from 2021 to 2023, before finally dipping in 2024. The Nightly reports that banking details discovered by Dvuln belong to at least 14,000 CommBank, 7,000 ANZ, 5,000 NAB, and 4,000 Westpac customers. Additionally, since these figures come from infostealer logs, the actual number is likely far higher.

Dvuln’s founder, Jamie O’Reilly, made it clear to ABC News that this isn’t a vulnerability in the bank’s systems. These stolen credentials originate purely from customer devices being breached, with O’Reilly claiming that research shows nearly 50 percent of devices were infected with infostealers.

This is an image of spyware on pc

Infostealer malware is a tricky problem to solve. In addition to stealing a user’s account credentials, this malware can also steal cookies or session tokens that let attackers replicate someone else’s browser session on their machines. To the service, in this case the bank, it appears that the user is logging in from a trusted device.

For banks or other concerned organisations, this presents a two-fold challenge. First, they need to improve their systems to differentiate between authentic and stolen sessions, and second, they need to protect user accounts better. Since session tokens can bypass multi-factor authentication measures, most generic cybersecurity measures fall short.

Protecting yourself from these threats is as simple as not clicking on or downloading any suspicious software or email attachments, updating your passwords regularly, and using strong multi-factor authentication measures. Keeping your operating system and antivirus updated can also help protect you from invisible digital threats.

In the News: Nvidia Riva API at risk of DoS attacks and data extraction

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of facebook ads instagram 23898

Android users are getting bombarded with unskippable ads

Photo: in green / shutterstock. Com

High-severity Chrome flaw exploited in the wild patched

This is an image of hacked security illustration 11

Novel infostealer caught stealing browser data and crypto wallet extensions

This is an image of malware featured security

Malware targets 6 countries using fake invoice emails

This is an image of data breach featured cybersecurity 113 e1666861228304

M&S confirms data leak during cyberattack

Photo: arnav pratap singh / shutterstock. Com

UPI outage disrupts Indian payment systems

>