SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Dark silhouette computer binary code lock icons new zealand background
#
MFA
#
Advanced Persistent Threat Protection
#
Breach Prevention

Over 150 million NZ records for sale as cyber threats grow

Wed, 6th Aug 2025
Author image
By Melvin Hipolito, Editor

New research from nWebbed Intelligence has identified that over 150 million compromised records linked to New Zealand are accessible on the dark web, including thousands belonging to employees of government departments, local banks, and healthcare institutions.

The nWebbed NZ Cybersecurity Study reviewed more than 30 billion breach records, revealing compromised credentials for more than 198,000 New Zealand businesses and entities. Specifically, the study found over 18,000 government worker logins, 3,200 banking staff credentials, and 2,000 healthcare accounts among those leaked online.

Exposure at scale

The passwords and emails discovered are authentic and currently being traded or given away on underground dark web forums, according to the company's analysis. These credentials, the study found, are particularly problematic for the core sectors of New Zealand society.

"We are seeing widespread exposure of compromised credentials linked to core parts of the New Zealand economy, including health providers, government agencies, banks and large-scale businesses.
"These are trusted institutions that Kiwis interact with every day, and they are real emails and passwords sitting in the wild. They're searchable, for sale and vulnerable to exploitation," he says.

The study cross-referenced global breach records against local email domains to determine the specific exposure of New Zealand organisations.

Impact and warning

Julian Wendt, founder of nWebbed Intelligence, cautioned that many organisations are unaware their credentials have been exposed on the dark web and that the threat landscape is evolving swiftly. He emphasised that compromised accounts may still be vulnerable long after an initial breach and that the same credentials may appear across several unrelated data leaks.

"It's not that someone was hacked once and that's it. In many cases, credentials from five or six separate breaches are still sitting out there, waiting to be exploited," he says.

Wendt suggested that New Zealand needs to accelerate its cybersecurity response practices to mitigate this recurring threat.

"You can't wait for the ransom note to start caring about where your data ends up. We need a preventative model, and that starts with visibility.
"Most organisations are watching their perimeter, not what's already leaked. But if your staff credentials are out there, especially admin or technical roles, then attackers already have the keys," he says.

He describes a situation where the volume of sensitive credentials on the dark web continues to grow at pace, with nWebbed's own database expanding by 2 billion credentials each month.

Automated threats

Attackers are acting more quickly than before, with some using automated tools to actively search for high-value credentials such as executive or technical staff logins within minutes of a data leak.

"In some cases, we've seen attackers move within minutes of credentials appearing online. They're using automated tools to scan for executive logins, technical roles or access to critical systems. "What starts as a single leaked password can escalate into a live intrusion before an organisation even realises there's been a breach," he says.

Wendt also noted that many New Zealand institutions continue to underestimate their appeal as targets, often seeing cybercrime as an overseas problem when, in his view, local entities are being used as potential entry points into international networks.

"There's still this assumption in New Zealand that cybercrime is something that happens to big overseas companies. But in reality, our companies are being targeted every day, often because we're seen as a soft entry point into larger international networks. "Nearly half of the Fortune 500 companies worldwide have exposed employee credentials available online, and Kiwi companies are facing similar threats. Compromised credentials can be used to access corporate networks, bypass multi-factor authentication or launch phishing attacks," he says.

He also referenced a tendency for firms to rely too much on past risk assessments, sometimes overlooking exposures their internal controls may not detect.

"Even organisations with good internal cybersecurity practices are often shocked to discover what's floating around publicly. That includes old passwords, unpatched web portals or documents they thought were private. It's not about blaming anyone, it's about visibility," he says.

Response and outlook

In response to these findings, nWebbed has launched a new threat monitoring platform leveraging artificial intelligence to deliver real-time awareness and help organisations address exposures before they result in breaches. Wendt stressed the importance of awareness and proactive management of external risks by New Zealand businesses.

"Most breaches happen because someone didn't know their login details were already out there. This is a solvable problem if you're willing to look," he says.
Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Codific sets 2026 priorities for boards on cyber risk
Punkt unveils MC03 privacy-first smartphone with Proton
CSPM set to vanish as machine identities drive risk
Pearson to deploy palm-print ID across global exams
DryRun raises USD $8.7m to secure AI-driven coding

Top stories

Acronis boosts MSP security with new threat research
'We can't rely on goodwill' - NZ lags behind on battling AI creation of sexual images
AI in 2026: fragile data, hybrid clouds & profit race
Hydrolix unveils Bot Insights to expose costly AI bots
AI to transform business risk, trust & compliance by 2026