Summary

In a troubling development for Australia’s financial and cybersecurity landscape, more than 31,000 passwords belonging to customers of the country’s Big Four banks—Commonwealth Bank, ANZ, NAB, and Westpac—have been found circulating, including Telegram and the dark web.

The stolen credentials were not the result of a breach within the banks themselves, but rather the consequence of infostealer malware infections on individual users’ devices. According to cybersecurity experts, these types of malware silently extract data such as banking credentials, credit card numbers, browser data, and more—then ship it off to cybercriminal groups who trade, sell, or give it away online.

What Happened?

Cyber intelligence firm Dvuln discovered that infostealer malware had infected thousands of devices, extracting sensitive information directly from users’ computers. Unlike traditional hacking methods that target bank systems, this malware infiltrates personal devices, harvesting data such as passwords, credit card details, and browser information.

Infostealers, as their name suggests, are a class of malware designed to silently infiltrate a system and exfiltrate as much useful information as possible. According to Dvuln founder Jamie O’Reilly, this malware can harvest hundreds of saved credentials per victim, ranging from bank accounts to PayPal, crypto wallets, and online shopping platforms.

The investigation found that even old, previously infected machines are valuable to attackers. Some passwords in the leaked logs were four to five years old, but still worked on live systems and services. This highlights the long-term risks of not updating passwords or reviewing saved credentials on personal devices.

Key Facts

• Affected Banks: Commonwealth Bank (~14,000 customers), ANZ (~7,000), NAB (~5,000), and Westpac (~4,000).​
• Malware Used: Infostealer malware, which silently collects data from infected devices.​
• Platforms for Data Trade: Telegram channels and dark web forums.​
• Scope of Infection: Over 58,000 devices in Australia have been compromised.​
• Global Impact: Nearly 26 million devices were compromised by infostealer malware across 2023 and 2024, leading to the leak of more than 2 million unique bank card details. ​
• Validity of Leaked Data: Approximately 95% of the leaked bank card numbers were deemed “technically valid,” indicating a substantial potential for financial fraud.

What Data Was Leaked?

The infostealer malware extracted a wide range of sensitive information, including:​

• Banking Credentials: Usernames and passwords for online banking accounts.​
• Credit Card Information: Card numbers, expiration dates, and CVV codes.​
• Personal Data: Names, addresses, and contact details.​
• Browser Data: Cookies, autofill information, and browsing history.​

This comprehensive data collection enables cybercriminals to bypass security measures and gain unauthorized access to various accounts.

What is the Risk?

Infostealer malware is dangerous not just because of what it takes, but how silently and deeply it operates. From a cybersecurity perspective, this type of malware is a highly effective tool in the hands of criminals because it exploits both technology and human behavior.

Here’s how it typically plays out — and why it matters to you.

Step 1: Delivery (It All Starts with a Click)

Attackers often deliver infostealers through phishing emails, fake software downloads, or malicious websites. This stage is called “delivery” in the cyber kill chain — a model used by security professionals to track the steps of an attack.

In most cases, the user doesn’t even realize they’ve clicked on something harmful. The malware installs quietly in the background, requiring no further interaction.

Step 2: Exploitation (The Malware Gets to Work)

Once it lands on a device — usually a Windows computer — the malware starts scanning your system for valuable data. This includes:

• Saved passwords (from browsers or apps)
• Credit card details
• Cryptocurrency wallets
• Cookie sessions (which help bypass MFA)
• Login credentials for banking, email, PayPal, e-commerce sites, etc.

This is the exploitation and installation phase of the kill chain. The malware often disguises itself or deletes its own traces to avoid detection by antivirus software.

Step 3: Exfiltration (Data Is Sent to Criminal Servers)

After stealing the data, the malware sends it back to the attacker’s servers. In security speak, this is called “exfiltration”. What’s scary is this happens automatically, usually within minutes of infection — and victims rarely notice anything.

Once the data is uploaded, criminals package it into logs and sell or trade it on forums like Telegram or the dark web.

Step 4: Weaponization and Use (The Real Damage Begins)

The attacker now has everything they need to impersonate you online or access your bank account. They might:

• Use your cookies and browser sessions to bypass 2FA and access your bank or email
• Use your login details to drain funds or launder money
• Sell your identity data to other criminals for future fraud or synthetic identity creation

This is the final kill chain phase: “actions on objectives”, where the attack delivers real-world impact. In short: they don’t just steal the data—they use it.

So What’s the Real Risk?

The risk is twofold:

1. Immediate financial loss — If a bank account, PayPal, or crypto wallet is accessed.
2. Long-term exposure — Even if your money is safe today, your information might be used or sold repeatedly across different platforms for years.

This is not just a one-time threat, but an ongoing privacy breach that could haunt you if not addressed properly.

How to Protect Yourself: Immediate and Long-Term Steps

If you think your data might have been leaked, don’t panic — but do act fast. Here’s what you should do right now:

Immediate Actions (Do These Right Now)

If you suspect your device is infected or your bank credentials may have been leaked, these are the first steps you should take immediately:

1. Change Your Bank Passwords (Now):
Log in to your online banking accounts and change your passwords straight away. Make them strong, unique, and don’t reuse them anywhere else.

2. Turn On Security Features on your Bank Account:
If your bank or email provider offers 2FA, enable it. This adds a second step to logging in, like a code sent to your phone.

How to Enable Security Settings on ANZ Bank

How to Enable Security Settings on Westpac

How to Enable Security Settings on NAB

3. Check for Malware on Your Devices:
Run a full malware scan using a trusted antivirus program. If anything suspicious is found, remove it and restart your device.

Here are some guides:

Windows:

How to Scan your Windows PC for Malware

How to Enable Security Settings on MacBook

How to Scan Android Device for Malware

4. Monitor Your Accounts Closely:
Check your banking and financial accounts for any unfamiliar transactions. If you see something suspicious, report it to your bank immediately.

5. Use Data Leak Tool:
Check if your email, phone number, or accounts have been found in public data breaches.

Long-Term Habits (To Stay Safe Ongoing)

1. Isolate your Critical Accounts :
2. Don’t Save Passwords in Your Browser:
   Browsers are a major target for infostealer malware. Use a password manager instead to store your credentials securely.
3. Keep Software and Operating Systems Updated:
   Many malware infections happen because people delay updates. Turn on auto-updates for your browser, OS, and antivirus.
4. Review and Revoke Unused Logins:
   Go through your banking, email, and app security settings to remove old sessions, devices, and third-party connections you no longer use.
5. Check before you Click:
   Be skeptical of emails with links or attachments, especially ones claiming to be from your bank, service provider, or government. Always go to the official website manually.

Want to dive deeper into personal online safety? Demysti5 offers tailored guides and tools for everyone—from parents and families, students, and senior citizens to remote workers, job seekers, and high net worth individuals.

You can also:

• Check your Online Safety Score
• Get practical Cyber Advice
• Adopt Secure Habits that protect your digital life
• Sign up on Web App
• Learn more about Cyber Safety for Business and Colleges
• Spread the Word and help others stay safe online
• Catch up on insights via the Demysti5 Blog
• Download the Demysti5 Android App or get it on the Play Store
• Follow us on Facebook and YouTube

Stay informed. Stay protected. Demysti5 it.

The post Over 31,000 Australian Bank Passwords Leaked: All You Need to Know​ and Do appeared first on Demysti5.

A Major Breach That Can’t Be Ignored

A staggering data leak involving X (formerly Twitter) has recently surfaced, potentially affecting millions of users worldwide. This isn’t just another story about hackers — it’s a wake-up call for anyone who uses social media. According to the cybersecurity team at SafetyDetectives, over 201 million user records have been publicly exposed via a 400 GB database, freely downloadable on a known clear web forum.

If you’ve ever used X — even just once — this might concern you more than you think. Let’s break it down, in simple terms, and help you understand what happened, what’s at risk, and what actions you can take to protect yourself moving forward.

Summary of What Happened

In January 2025, a hacker posted 400 GB worth of X user data on a public forum. The database included detailed information on over 200 million X accounts, including emails, names, usernames, bios, language preferences, account stats, and more.

The post claims the hacker tried to alert X but received no response. So, they released the data to “wake people up.” The scary part? This data was not behind a paywall — meaning anyone could access it freely.

Key Facts

• Platform Affected: X (formerly Twitter)
• Discovered by: SafetyDetectives Cybersecurity Team
• Date Found: January 2025
• Data Size: 400 GB
• Entries Exposed: 201,186,753
• Location of Leak: Public clearweb forum
• Type of Breach: Database compiled from a previous 2023 data scrape + newly appended records

What Data Was Potentially Leaked?

Here’s what the leaked CSV reportedly contains for each affected user:

• Username and display name
• Location, language, and bio/description
• Account stats (followers, tweets, etc.)
• Account creation and activity details
• Email addresses (some verified to be real)
• Links to profiles and posts
• Status on whether an account is verified or protected

While passwords weren’t included in the leak, the sheer amount of personal and behavioral metadata poses a huge risk for identity theft, phishing, and social engineering attacks.

What Are the Risks for Users?

This kind of information can fuel a wide range of attacks:

1. Phishing & Email Scams:
With real emails and profile info, scammers can craft hyper-targeted emails pretending to be from X, your bank, or even a friend.

2. Identity Theft:
The data could be used to impersonate you online or gain access to other accounts where you reuse information.

3. Social Engineering:
Cybercriminals can use leaked data to manipulate you or someone close to you into revealing sensitive information.

4. Reputation Attacks:
With so many user stats and personal bios exposed, scammers might impersonate you or misuse your account history.

Immediate Steps to Protect Yourself

If you think your data might have been leaked, don’t panic — but do act fast. Here’s what you should do right now:

Reset Your Passwords

Even if passwords weren’t leaked, use this opportunity to change your X password and enable a strong one.

Secure Your X Account with Demysti5

Turn on Two-Factor Authentication (2FA)

Add an extra layer of protection to your account that requires a code along with your password.

How to Enable 2FA on X

Check if Your Email or Username Was Involved

Use the Data Leak Check tool on Demysti5 to see if your email or social media handle appears in recent breaches.

Check for Leaks – Demysti5’s Data Leak Search Tool

Explore Demysti5’s Improve Section

Demysti5’s Improve section provides practical steps across 13 security categories to help users reduce their digital risk.

Here Are Some Other Practical Steps to Boost Your Online Safety

• Use a password manager to store strong, unique passwords.
• Be cautious with DMs or emails asking for personal information — even if they appear legitimate.
• Review the privacy settings on all your social media accounts.
• Avoid clicking on suspicious links, especially those shared over email or social platforms.
• Stay updated on cybersecurity news and tools like Demysti5 to spot threats early.

Data breaches are no longer rare — they’re a reality of the digital age. But with tools like Demysti5, awareness, and the right action, you can reduce the damage and protect yourself going forward.

The X data breach is a reminder that online platforms hold a lot more of our personal data than we might think. And when that data leaks — we all feel the impact.

But knowledge is power.
And action is your best defense.

Download the Demysti5 App to start securing your accounts, checking for leaks, and taking control of your online safety today.

The post Massive X (Twitter) Data Leak Raises Major Online Safety Concerns appeared first on Demysti5.

Have you ever found yourself in the adrenaline-pumping final seconds of an online auction, finger poised over the ‘Bid Now’ button? Online auctions, like those on eBay, can be thrilling marketplaces full of unique finds and potential bargains. However, with the excitement comes the need for caution. Navigating these digital auction houses safely is crucial to avoid scams and ensure a positive experience. In this article, we’ll walk you through how to participate in online auctions safely, keeping your wits as sharp as your bids.

Understanding the Auction Platform

Familiarize Yourself with the Platform: Before you start bidding, take time to understand how the auction platform works. Platforms like eBay have specific rules and guidelines for bidding, payment, and dispute resolution. Knowing these rules can protect you from common pitfalls.

Check Seller Credentials: Pay attention to the seller’s history. A seller with a long record of positive feedback is generally more reliable. If a seller is new or has mixed reviews, proceed with caution.

Safe Bidding Strategies

Set a Budget: It’s easy to get caught up in the heat of bidding. Set a budget for each item and stick to it to avoid overspending.

Beware of Unusually Low Prices: If an item’s price seems too good to be true, it probably is. Extremely low prices can be a red flag for counterfeit goods or scams.

Use Secure Payment Methods: Opt for secure payment methods offered by the auction site. Avoid transactions that ask for direct bank transfers or use of unsecured payment methods.

Also Read

Over 31,000 Australian Bank Passwords Leaked: All You Need to Know​ and Do

• Published on: April 30, 2025

Massive X (Twitter) Data Leak Raises Major Online Safety Concerns

• Published on: April 2, 2025

Urgent alert! boAt data leak

• Published on: April 8, 2024

Protecting Your Information and Staying Secure in Online Auctions

In the world of online auctions, where excitement and opportunity abound, the importance of safeguarding your personal information cannot be overstated. This is a realm where a single lapse in security can lead to significant consequences. Let’s delve deeper into how you can protect your information and enhance your security while participating in online auctions.

Vigilance with Personal Information

Minimize Data Sharing: When creating profiles or engaging with sellers, share only the essential information. Over-disclosure of personal details like your full address, phone number, or financial information can leave you vulnerable.

Separate Email for Auction Sites: Consider using a dedicated email address for your online auction activities. This not only helps in organizing your bids and transactions but also reduces the risk of your primary email being compromised.

Account Security Measures

Strong, Unique Passwords: Use complex and unique passwords for each auction site account. Avoid using common phrases or personal information that can be easily guessed. Tools like password managers can help in generating and storing secure passwords.

Two-Factor Authentication (2FA): Enable 2FA on your accounts if the auction platform supports it. This adds an extra layer of security, ensuring that even if your password is compromised, unauthorized access is still blocked.

Safe Payment Practices

Secure Payment Methods: Utilize the platform’s secure payment system and avoid direct money transfers to sellers. Platforms like PayPal offer an additional layer of security and often have buyer protection policies.

Monitor Bank Statements: Regularly check your bank statements for any unauthorized or suspicious transactions. Early detection of fraud can prevent further financial damage.

Dealing with Suspicious Activity

Recognize Phishing Attempts: Be wary of emails or messages that ask for your personal information or direct you to a webpage to enter sensitive data. Always verify the source and avoid clicking on suspicious links.

Report Suspicious Sellers: If you encounter a seller who insists on unsecured payment methods or provides inconsistent information, report them to the auction platform. Your report can help protect not only you but also other potential buyers.

Secure Browsing

Updated Security Software: Ensure that your computer or device has the latest security software, web browsers, and operating systems. Regular updates can protect you from malware and other online threats.

VPN for Public Wi-Fi: If you’re accessing auction sites using public Wi-Fi, consider using a Virtual Private Network (VPN). A VPN encrypts your internet connection, shielding your activities from potential eavesdroppers on public networks.

Secure Bidding is Smart Bidding

Navigating online auctions requires more than just a keen eye for good deals; it demands a conscious effort to protect your personal and financial information. By implementing these robust security practices, you can enjoy the excitement of online bidding while keeping your data safe and secure. Remember, in the digital auction house, being a smart bidder also means being a secure bidder.

Snapshot:

• Research sellers and understand auction platform rules.
• Set a budget and use secure payment methods.
• Protect personal information and account security.
• Track purchases and report any suspicious activities.

The post The Smart Shopper’s Guide to Safe Online Auctions appeared first on Demysti5.

Key Facts:

• Breach Overview: 815 million Indians’ data, including Aadhaar and passport details, are for sale on the dark web as per Cybersecurity firm Resecurity
• Potential Threats: Risks like identity theft, financial fraud, and personal information misuse loom large.
• Individual Safeguards: Regular monitoring of accounts, strong passwords, and two-factor authentication are crucial steps for personal digital safety.
• Preventive Measures: Staying informed, practicing cautious online behavior, and supporting community awareness initiatives are key to fostering a safer digital environment.

Also Read

Real Estate Email Scams in Australia: Email Hijacks, Wire Fraud, and How It All Works

• Published on: August 14, 2025

Over 31,000 Australian Bank Passwords Leaked: All You Need to Know​ and Do

• Published on: April 30, 2025

Massive X (Twitter) Data Leak Raises Major Online Safety Concerns

• Published on: April 2, 2025

What Is Aadhar

Aadhaar is a 12-digit unique identity number issued by the Indian government to residents. It’s linked to biometric and demographic data, helping in verifying individuals’ identities in a cost-effective way. Aadhaar facilitates various services like opening bank accounts, getting mobile connections, and availing government benefits.

A recent report by the US cybersecurity firm Resecurity has claimed a massive data breach, with personal data of about 815 million or 81.5 crore Indians being leaked on the dark web. The leaked data, available for sale online, includes names, phone numbers, addresses, Aadhaar, and passport information. The breach was disclosed on 9 October by a threat actor named ‘pwn0001’ on Breach Forums, offering access to the data for $80,000. The Central Bureau of Investigation (CBI) is currently probing the breach. There’s speculation that the compromised data might originate from the Indian Council of Medical Research (ICMR) database.

What Has Been Potentially Leaked:

The breach, carried out by a hacker going by the alias pwn0001, has revealed a broad spectrum of personal information belonging to Indian citizens. The potential compromised data consists of:

• Name
• Father’s name
• Phone number
• An additional contact number
• Passport number
• Aadhaar number
• Age
• Gender
• Residential address
• District
• Postal code (Pincode)
• State

These details paint a near-complete picture of an individual’s identity, which is alarming as it opens doors for various forms of misuse and fraud.

India Biggest Data Breach

Unknown hackers have leaked the personal data of over 800 million Indians Of COVID 19.

The leaked data includes:

* Name
* Father’s name
* Phone number
* Other number
* Passport number
* Aadhaar number
* Age#DataBreach #dataleak #CyberSecurity pic.twitter.com/lUaJS9ZPDr

— Shivam Kumar Singh (@MrRajputHacker) October 30, 2023

Potential Consequences For Users

Aadhaar is a cornerstone for accessing various services in India, including banking, mobile connections, and government benefits. It’s linked to biometric and demographic data of individuals. If this data falls into the wrong hands, the consequences could be severe:

1. Identity Theft: Fraudsters could impersonate individuals to open bank accounts, take out loans, or gain employment fraudulently.
2. Financial Fraud: Access to Aadhaar data could enable unauthorized transactions, leading to financial loss.
3. Misinformation: Malicious actors could alter or misuse the data to spread misinformation or to defame individuals.
4. Exploitation: The data could be used to target individuals for scams, phishing, or other cybercrimes.

Also Read

Real Estate Email Scams in Australia: Email Hijacks, Wire Fraud, and How It All Works

• Published on: August 14, 2025

Over 31,000 Australian Bank Passwords Leaked: All You Need to Know​ and Do

• Published on: April 30, 2025

Massive X (Twitter) Data Leak Raises Major Online Safety Concerns

• Published on: April 2, 2025

Immediate Next Steps Users Can Take:

1. Monitor Accounts: Keep a close eye on your financial accounts for any unusual activity.
2. Password Change: Change passwords for your important accounts, especially those linked with your Aadhaar number.
3. Enable Two-Factor Authentication (2FA): Turn on 2FA for added security on your online accounts.
4. Stay Informed: Follow official advisories from the UIDAI or other relevant authorities regarding the breach.
5. Check Aadhaar Authentication History: Visit the UIDAI website to check your Aadhaar authentication history for any suspicious activity. 

   “Residents can check his/her Aadhaar Authentication history from UIDAI Website https://resident.uidai.gov.in/aadhaar-auth-history or through mAadhaar App by using his/her Aadhaar Number/VID & enter security code and follow the metioned procedure.

   Note: Registered mobile number is mandatory to avail this service.” 

Here Are Some Other Practical Steps Individuals Can Take To Protect Themselves Overall Online Safety:

1. Regular Monitoring:

   • Frequently check financial accounts for unauthorized transactions.

2. Password Management:

   • Use strong passwords, change them regularly, and avoid using the same password across multiple platforms.

3. Two-Factor Authentication (2FA):

   • Enable 2FA on all possible accounts for an extra layer of security.

4. Security Software:

   • Install reliable security software on your devices to protect against malware and phishing attempts.

5. Educate Yourself:

   • Stay informed about the latest cybersecurity threats and learn how to recognize potential scams.

6. Be Cautious:

   • Be mindful of sharing personal information and verify the authenticity of requests for your data.

7. Contact Authorities:

   • Report any suspicious activity or unauthorized access to your accounts to the concerned authorities.

8. Credit Monitoring Services:

   • Consider subscribing to credit monitoring services to be alerted about any suspicious activities related to your financial accounts.

9. Review Account Settings:

   • Regularly review the privacy and security settings of your online accounts to ensure they are configured for maximum security.

10. Stay Updated:

    • Keep your software, including security software, updated to benefit from the latest security enhancements.

The disclosure of such a massive amount of personal information is a stark reminder of the digital era’s pitfalls. Adopting a vigilant approach and arming ourselves with knowledge and the right tools can significantly mitigate the risks posed by such data breaches. This incident should serve as a catalyst for individuals and businesses alike to fortify their online safety measures, ensuring a safer digital India.

The post Aadhaar Data Leak : What’s at Stake and How to Protect Yourself appeared first on Demysti5.