The Australian firm Dvuln, which made the discovery, said the passwords were stolen directly from users’ personal devices, which had been infected with a type of malware known as an “infostealer”.
“This is not a vulnerability in the banks,” Dvuln’s founder Jamie O’Reilly said.
If they don’t have 2FA, yes it is a vulnerability in the banks. The fact we don’t have any regulations on this is ridiculous.
Yeah, that’s not very typical. I’d like to make that point.
Having worked with and for Internet users for nearly 30 years, I can assure you that this is very typical.
Pisses me off that I waste(?) all this time with password managers and 2FA and paying attention to URLs and whatnot, and then some numpty out there with the password “qwerty123” who clicks on every damn “win an iPhone” spam link they ever get sent expects to get bailed out when they lose their money in a scam.
It’s like people who don’t pay insurance wanting to be bailed out after a fire/flood or whatever.
Scammers are total jerks, but the people who keep falling for the most obvious shit are actually worse imo.
Well, some of them are built so that they don’t leak passwords at all.
Well we don’t want people thinking these banks are unsafe, just because the malware fell on and twenty thousand passwords leaked out into the internet.
I’m not saying they’re not safe. Just perhaps not quite as safe as some of the other ones.
Absolutely ludicrous. These are very very strong systems.
Wouldn’t you say, Senator, that it’s the government’s responsibility to keep Australians’ bank passwords safe?
Well, I was thinking more about the other ones.
The other passwords?
Yeah, the ones that weren’t leaked.
Do you think we could make the passwords safe again by taking them outside the internet?
Yes, they can be kept beyond the internet. They’re not in the internet.
The volume of obvious spam I get for BCF, NRMA/RACV/RACQ etc, “Congratulations! You’ve won…” tells me a lot about what a successful target profile looks like…