Cyber Security
IBTimes UK

Cybercriminals have stolen nearly 100 staff login credentials from employees at Australia's largest banks, significantly increasing the risk of data breaches and ransomware attacks, cybersecurity researchers have warned.

According to cyber intelligence firm Hudson Rock, the most serious danger is that hackers could use the stolen credentials to infiltrate banks' corporate networks, potentially gaining "initial access" to sensitive systems, ABC reported.

The revelations follow earlier reports this week that more than 31,000 customer banking passwords from the Big Four banks -- ANZ, CommBank, NAB, and Westpac -- had also been stolen using similar malware, raising further concerns about the scale of cyber threats targeting the sector.

CommBank, ANZ most affected

Hudson Rock revealed it found dozens of compromised credentials at both ANZ and Commonwealth Bank, with fewer than five stolen from NAB and Westpac.

In total, researchers uncovered more than 100 compromised credentials at ANZ, over 70 at NAB, more than 40 third-party logins at CommBank, and over 30 at Westpac.

"This is like the open gate," said Hudson Rock analyst Leonid Rozenberg, warning that hackers could install ransomware or steal vast amounts of customer data once inside a network.

Credentials leaked on the dark web

Hudson Rock said the credentials -- belonging to current and former employees and contractors -- were stolen between 2021 and April 2025 via malware known as "infostealers," which infected employee devices. The stolen data has since been sold or shared on messaging platforms like Telegram and the dark web.

The company also identified stolen credentials from third-party vendors linked to all four banks, adding another layer of risk.

ASD warns of Infostealer threats

Last September, the Australian Signals Directorate had warned that infections from infostealers could have devastating consequences. A report by the agency confirmed such malware had already enabled successful cyberattacks on Australian businesses, though it did not name specific targets.

Hudson Rock noted a staggering rise in the use of infostealer globally -- more than 200-fold since 2018 -- with over 58,000 infected devices found in Australia since 2021.

"This malware can hit any business, in any industry and in any country," Rozenberg said.

Banks respond with assurances

The major four banks said they have security measures in place to prevent the unauthorized use of stolen credentials.

NAB said it actively monitors cybercrime forums, while Westpac declined to detail its security protocols for confidentiality reasons.

"We continuously monitor open and dark web sources for a wide range of potential threats, including compromised credentials," NAB Chief Security Officer Sandro Bucchianeri said.

CommBank stated it had invested over AU$800 million in cybersecurity and anti-financial crime efforts last financial year.