Latest news with #nWebbedIntelligence
Techday NZ
3 days ago
- Techday NZ
Over 150 million NZ records for sale as cyber threats grow
New research from nWebbed Intelligence has identified that over 150 million compromised records linked to New Zealand are accessible on the dark web, including thousands belonging to employees of government departments, local banks, and healthcare institutions. The nWebbed NZ Cybersecurity Study reviewed more than 30 billion breach records, revealing compromised credentials for more than 198,000 New Zealand businesses and entities. Specifically, the study found over 18,000 government worker logins, 3,200 banking staff credentials, and 2,000 healthcare accounts among those leaked online. Exposure at scale The passwords and emails discovered are authentic and currently being traded or given away on underground dark web forums, according to the company's analysis. These credentials, the study found, are particularly problematic for the core sectors of New Zealand society. "We are seeing widespread exposure of compromised credentials linked to core parts of the New Zealand economy, including health providers, government agencies, banks and large-scale businesses. "These are trusted institutions that Kiwis interact with every day, and they are real emails and passwords sitting in the wild. They're searchable, for sale and vulnerable to exploitation," he says. The study cross-referenced global breach records against local email domains to determine the specific exposure of New Zealand organisations. Impact and warning Julian Wendt, founder of nWebbed Intelligence, cautioned that many organisations are unaware their credentials have been exposed on the dark web and that the threat landscape is evolving swiftly. He emphasised that compromised accounts may still be vulnerable long after an initial breach and that the same credentials may appear across several unrelated data leaks. "It's not that someone was hacked once and that's it. In many cases, credentials from five or six separate breaches are still sitting out there, waiting to be exploited," he says. Wendt suggested that New Zealand needs to accelerate its cybersecurity response practices to mitigate this recurring threat. "You can't wait for the ransom note to start caring about where your data ends up. We need a preventative model, and that starts with visibility. "Most organisations are watching their perimeter, not what's already leaked. But if your staff credentials are out there, especially admin or technical roles, then attackers already have the keys," he says. He describes a situation where the volume of sensitive credentials on the dark web continues to grow at pace, with nWebbed's own database expanding by 2 billion credentials each month. Automated threats Attackers are acting more quickly than before, with some using automated tools to actively search for high-value credentials such as executive or technical staff logins within minutes of a data leak. "In some cases, we've seen attackers move within minutes of credentials appearing online. They're using automated tools to scan for executive logins, technical roles or access to critical systems. "What starts as a single leaked password can escalate into a live intrusion before an organisation even realises there's been a breach," he says. Wendt also noted that many New Zealand institutions continue to underestimate their appeal as targets, often seeing cybercrime as an overseas problem when, in his view, local entities are being used as potential entry points into international networks. "There's still this assumption in New Zealand that cybercrime is something that happens to big overseas companies. But in reality, our companies are being targeted every day, often because we're seen as a soft entry point into larger international networks. "Nearly half of the Fortune 500 companies worldwide have exposed employee credentials available online, and Kiwi companies are facing similar threats. Compromised credentials can be used to access corporate networks, bypass multi-factor authentication or launch phishing attacks," he says. He also referenced a tendency for firms to rely too much on past risk assessments, sometimes overlooking exposures their internal controls may not detect. "Even organisations with good internal cybersecurity practices are often shocked to discover what's floating around publicly. That includes old passwords, unpatched web portals or documents they thought were private. It's not about blaming anyone, it's about visibility," he says. Response and outlook In response to these findings, nWebbed has launched a new threat monitoring platform leveraging artificial intelligence to deliver real-time awareness and help organisations address exposures before they result in breaches. Wendt stressed the importance of awareness and proactive management of external risks by New Zealand businesses. "Most breaches happen because someone didn't know their login details were already out there. This is a solvable problem if you're willing to look," he says. Follow us on: Share on:
Scoop
4 days ago
- Business
- Scoop
Thousands Of Leaked NZ Govt And Health Agency Credentials On Dark Web
Press Release – nWebbed Julian Wendt, founder of Kiwi tech start-up nWebbed Intelligence, says the findings show New Zealand organisations are underestimating the scale and frequency of cyber risk. Thousands of leaked employee credentials from government departments, local banks and healthcare organisations are among more than 150 million compromised records tied to New Zealand accessible on the dark web, according to new research. The nWebbed NZ Cybersecurity Study, which analysed over 30 billion credentials available for sale on the dark web – a hidden part of the internet used as an illegal marketplace by criminals, has revealed an alarming level of vulnerability among Kiwi businesses, with compromised credentials linked to more than 198,000 New Zealand companies and entities. In addition, the usernames and passwords of more than 18,000 NZ Government workers, 3,200 banking staff and 2,000 healthcare organisation accounts with privileged access to sensitive information were also found in leaked databases on the dark web. The study analysed global breach records and cross-referenced them with local email domains to identify exposure. Julian Wendt, founder of Kiwi tech start-up nWebbed Intelligence, which has built the world's fastest-growing database of dark web credentials, says the findings show New Zealand organisations are underestimating the scale and frequency of cyber risk. He says an urgent review of cybersecurity protocols, credential management systems and third-party access controls across the country's sensitive institutions and corporations is needed to secure exposed systems and protect the privacy of consumers whose personal data is at risk. 'We are seeing widespread exposure of compromised credentials linked to core parts of the New Zealand economy, including health providers, government agencies, banks and large-scale businesses. 'These are trusted institutions that Kiwis interact with every day, and they are real emails and passwords sitting in the wild. They're searchable, for sale and vulnerable to exploitation,' he says. Wendt says many breaches are going undetected for months or even years, and the data is still circulating. 'It's not that someone was hacked once and that's it. In many cases, credentials from five or six separate breaches are still sitting out there, waiting to be exploited,' he says. Wendt says New Zealand urgently needs to shift away from reactive cybersecurity practices. 'You can't wait for the ransom note to start caring about where your data ends up. We need a preventative model, and that starts with visibility. 'Most organisations are watching their perimeter, not what's already leaked. But if your staff credentials are out there, especially admin or technical roles, then attackers already have the keys,' he says. Wendt says their database is growing by 2 billion credentials each month as the global rate of breaches accelerates. He says in response to the volume of sensitive credentials available online, nWebbed has launched a new threat monitoring platform that uses artificial intelligence to help organisations close critical security gaps in real time, enabling businesses to act before data is weaponised. Wendt says the time between a data leak and active exploitation is narrowing, particularly for high-value targets. 'In some cases, we've seen attackers move within minutes of credentials appearing online. They're using automated tools to scan for executive logins, technical roles or access to critical systems. 'What starts as a single leaked password can escalate into a live intrusion before an organisation even realises there's been a breach,' he says. Wendt says part of the problem is cultural. 'There's still this assumption in New Zealand that cybercrime is something that happens to big overseas companies. But in reality, our companies are being targeted every day, often because we're seen as a soft entry point into larger international networks. 'Nearly half of the Fortune 500 companies worldwide have exposed employee credentials available online, and Kiwi companies are facing similar threats. Compromised credentials can be used to access corporate networks, bypass multi-factor authentication or launch phishing attacks,' he says. Wendt says too many companies rely on outdated risk assessments and miss critical external vulnerabilities. 'Even organisations with good internal cybersecurity practices are often shocked to discover what's floating around publicly. That includes old passwords, unpatched web portals or documents they thought were private. It's not about blaming anyone, it's about visibility,' he says. Wendt says the next step is to raise awareness and get more Kiwi companies treating external digital hygiene as seriously as they do internal firewalls. 'Most breaches happen because someone didn't know their login details were already out there. This is a solvable problem if you're willing to look,' he says.
Scoop
4 days ago
- Business
- Scoop
Thousands Of Leaked NZ Govt And Health Agency Credentials On Dark Web
Thousands of leaked employee credentials from government departments, local banks and healthcare organisations are among more than 150 million compromised records tied to New Zealand accessible on the dark web, according to new research. The nWebbed NZ Cybersecurity Study, which analysed over 30 billion credentials available for sale on the dark web - a hidden part of the internet used as an illegal marketplace by criminals, has revealed an alarming level of vulnerability among Kiwi businesses, with compromised credentials linked to more than 198,000 New Zealand companies and entities. In addition, the usernames and passwords of more than 18,000 NZ Government workers, 3,200 banking staff and 2,000 healthcare organisation accounts with privileged access to sensitive information were also found in leaked databases on the dark web. The study analysed global breach records and cross-referenced them with local email domains to identify exposure. Julian Wendt, founder of Kiwi tech start-up nWebbed Intelligence, which has built the world's fastest-growing database of dark web credentials, says the findings show New Zealand organisations are underestimating the scale and frequency of cyber risk. He says an urgent review of cybersecurity protocols, credential management systems and third-party access controls across the country's sensitive institutions and corporations is needed to secure exposed systems and protect the privacy of consumers whose personal data is at risk. 'We are seeing widespread exposure of compromised credentials linked to core parts of the New Zealand economy, including health providers, government agencies, banks and large-scale businesses. 'These are trusted institutions that Kiwis interact with every day, and they are real emails and passwords sitting in the wild. They're searchable, for sale and vulnerable to exploitation,' he says. Wendt says many breaches are going undetected for months or even years, and the data is still circulating. 'It's not that someone was hacked once and that's it. In many cases, credentials from five or six separate breaches are still sitting out there, waiting to be exploited,' he says. Wendt says New Zealand urgently needs to shift away from reactive cybersecurity practices. 'You can't wait for the ransom note to start caring about where your data ends up. We need a preventative model, and that starts with visibility. 'Most organisations are watching their perimeter, not what's already leaked. But if your staff credentials are out there, especially admin or technical roles, then attackers already have the keys,' he says. Wendt says their database is growing by 2 billion credentials each month as the global rate of breaches accelerates. He says in response to the volume of sensitive credentials available online, nWebbed has launched a new threat monitoring platform that uses artificial intelligence to help organisations close critical security gaps in real time, enabling businesses to act before data is weaponised. Wendt says the time between a data leak and active exploitation is narrowing, particularly for high-value targets. 'In some cases, we've seen attackers move within minutes of credentials appearing online. They're using automated tools to scan for executive logins, technical roles or access to critical systems. 'What starts as a single leaked password can escalate into a live intrusion before an organisation even realises there's been a breach,' he says. Wendt says part of the problem is cultural. 'There's still this assumption in New Zealand that cybercrime is something that happens to big overseas companies. But in reality, our companies are being targeted every day, often because we're seen as a soft entry point into larger international networks. 'Nearly half of the Fortune 500 companies worldwide have exposed employee credentials available online, and Kiwi companies are facing similar threats. Compromised credentials can be used to access corporate networks, bypass multi-factor authentication or launch phishing attacks,' he says. Wendt says too many companies rely on outdated risk assessments and miss critical external vulnerabilities. 'Even organisations with good internal cybersecurity practices are often shocked to discover what's floating around publicly. That includes old passwords, unpatched web portals or documents they thought were private. It's not about blaming anyone, it's about visibility,' he says. Wendt says the next step is to raise awareness and get more Kiwi companies treating external digital hygiene as seriously as they do internal firewalls. 'Most breaches happen because someone didn't know their login details were already out there. This is a solvable problem if you're willing to look,' he says.
RNZ News
4 days ago
- Business
- RNZ News
Cybersecurity warning: 'Widespread exposure of compromised credentials'
Employee records linked to more than 198,000 NZ companies and entities were found on the dark web. File photo. Photo: Andrew Brookes, AB Still Ltd, Thousands of leaked credentials for employees from NZ government departments and healthcare organisations can be found on the dark web, says a digital security firm. The data is part of more than 150 million compromised records connected to New Zealand that is accessible on the dark web, according to a study by Kiwi tech start-up nWebbed Intelligence. The company's cybersecurity study analysed more than 30 billion credentials available for sale on the dark web and found links to more than 198,000 New Zealand companies and entities. It also found the usernames and passwords of more than 18,000 NZ government workers, 3200 banking staff and 2000 healthcare organisation accounts were also found in leaked databases. nWebbed Intelligence founder Julian Wendt said local organisations were underestimating the scale of cyber risk, and am urgent review of cybersecurity protocols was needed in the country's sensitive institutions and corporations. "We are seeing widespread exposure of compromised credentials linked to core parts of the New Zealand economy, including health providers, government agencies, banks and large-scale businesses. "These are trusted institutions that Kiwis interact with every day, and they are real emails and passwords sitting in the wild. They're searchable, for sale and vulnerable to exploitation." He said some breaches were going undetected for years. "It's not that someone was hacked once and that's it. In many cases, credentials from five or six separate breaches are still sitting out there, waiting to be exploited." Qantas recently revealed an attack by cybercriminals may have accessed as many as six million customer records. Sign up for Ngā Pitopito Kōrero , a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
