nWebbed Cybersecurity Study Reveals Scale of Leaked NZ Credentials on Dark Web

A new nWebbed cybersecurity study uncovers millions of leaked New Zealand government, banking, and healthcare credentials circulating on the dark web.

New Zealand businesses, government agencies, and healthcare providers are facing an alarming cybersecurity challenge, with new research from Kiwi start-up nWebbed Intelligence showing that millions of compromised credentials are circulating on the dark web. The findings highlight the growing need for preventative digital security strategies in Aotearoa.

Screenshot of RNZ coverage on nWebbed cybersecurity findings
RNZ covers the nWebbed study in national media

Millions of Kiwi Credentials at Risk

The nWebbed NZ Cybersecurity Study analysed more than 30 billion leaked records on the dark web, uncovering over 150 million linked to New Zealand. These compromised details include usernames and passwords connected to more than 198,000 companies and institutions across the country. Particularly concerning was the discovery of credentials belonging to over 18,000 government employees, 3,200 banking staff, and 2,000 healthcare accounts with privileged access to sensitive systems.

Understanding the Dark Web Threat

The dark web, a hidden section of the internet often used by cybercriminals, has become a major marketplace for stolen data. International cybersecurity authorities have warned that compromised credentials are often exploited to launch phishing campaigns, bypass authentication measures, or gain backdoor access to corporate systems. With millions of records available for sale, New Zealand organisations are exposed to the same risks as global enterprises.

Insights from nWebbed Intelligence

Julian Wendt, founder of nWebbed, says the study shows New Zealand organisations are underestimating both the frequency and severity of data leaks. “These aren’t hypothetical risks—real employee emails and passwords from some of the country’s most trusted institutions are sitting online, searchable, and vulnerable to exploitation,” he explains. Wendt also noted that in many cases credentials from multiple breaches continue to circulate for years, leaving organisations unknowingly exposed.

The Shift from Reactive to Preventative Cybersecurity

According to Wendt, too many Kiwi organisations rely on perimeter defences while ignoring what’s already leaked into the public domain. “You can’t wait until a ransom note arrives to start caring about your data. A preventative model starts with visibility—knowing whether staff credentials, particularly those of technical or executive staff, are already online.”

He warns that attackers are increasingly using automated tools to act within minutes of new data appearing, often targeting admin accounts or executive logins. “What starts as a single compromised password can escalate into a live intrusion before an organisation even realises a breach has taken place,” he says.

AI-Powered Threat Monitoring by nWebbed

In response, nWebbed has launched a real-time monitoring platform powered by artificial intelligence. The system scans billions of credentials monthly, alerting organisations when their data appears online and enabling them to close vulnerabilities before they are weaponised. With breaches worldwide adding an estimated two billion new records each month, proactive detection is now essential for protecting consumer and corporate data alike.

NZ Herald article screenshot featuring nWebbed cyber study in New Zealand
National media outlet NZ Herald reports on nWebbed cybersecurity research

NZ Media Coverage of the Findings

The research gained nationwide attention, with outlets such as RNZ, NZ Herald, and Stuff reporting on the findings. Coverage highlighted how the country’s reliance on trusted institutions—from banks to healthcare providers—makes the widespread exposure of their credentials especially concerning. The media response underscores the urgency of stronger cyber hygiene practices across all sectors.

A Cultural Challenge for New Zealand Businesses

Wendt also believes there is a cultural hurdle in shifting how New Zealand organisations perceive cybersecurity. “There’s still a view that major breaches only happen to big overseas companies. In reality, Kiwi firms are targeted daily, often because attackers see them as a softer entry point into international networks.”

He emphasises that raising awareness and encouraging proactive monitoring is the only way to reduce the risk. “Most breaches happen because organisations don’t know their staff logins are already out there. This is a solvable problem if businesses are willing to look.”

Impact PR’s Perspective on Tech Communication

At Impact PR, we know that communicating cybersecurity risks effectively is as important as addressing them. Technical issues such as dark web data leaks can seem abstract, but by framing them in terms of everyday risks—such as compromised email accounts or leaked healthcare logins—stories like the nWebbed study resonate with the public and decision-makers alike. Our work in the technology and security sector focuses on helping innovative companies educate audiences, build trust, and inspire preventative action.

Learn More

To learn more about global cybercrime trends and how organisations can protect themselves, visit the Cybersecurity and Infrastructure Security Agency. To explore the solutions provided by nWebbed, check their latest research and threat monitoring tools.

Tags: , , , , , , ,