Cyberattack Hits Australian Banks: Employee Logins Stolen and Sold Online

Cybercriminals stole login credentials from nearly 100 employees across Australia’s top banks, leaking them on the dark web and Telegram channels.

Nearly 100 employees from Australia’s Big Four banks—ANZ, CommBank, NAB, and Westpac—have had their work logins stolen by cybercriminals, as reported by ABC News. The logins were taken using a type of malware called an “infostealer,” which secretly extracts valuable data from infected computers and phones.

ABC reports that these stolen login credentials were distributed through dark web forums and Telegram channels, providing hackers with easy access. The majority of those affected include active and former employees, as well as contractors who still maintain email access to corporate systems.

ABC previously reported that analyst Leonid Rozenberg described the situation as though hackers had an unrestricted entry point. Once access is gained, a hacker can install ransomware and steal large volumes of customer data.

Experts warn that even with multi-factor authentication (MFA) in place, security is not guaranteed—hackers need only one compromised login to breach a system. Rozenberg emphasized that attackers require just a single credential to carry out extensive damage, as reported by ABC.

The breach extended beyond direct bank employees. According to ABC, third-party service providers—including those handling communication and customer management—also had their credentials stolen. Rozenberg noted that attackers target not only direct bank access but also the external services banks rely on.

This discovery emerged after researchers found that the same malware had also stolen more than 31,000 banking passwords from customers, as noted by ABC. Cyber experts clarified that the malware resides on customer or employee devices, not on the banks’ internal systems.

According to Rozenberg, the malware poses a threat to any business, in any industry, anywhere in the world.