What does it mean if a password has appeared in an external data breach?

When setting or resetting your CommSec password, you may see a message telling you that your proposed password has appeared in a data breach. This means that the password has appeared on a list of passwords that were stolen from one or more websites or digital businesses globally. The password may have been used by somebody for a completely different digital service, but because it has been published online as part of a list of passwords that have been involved in a data breach, it is no longer considered a secure password to use.

If you see this message, it does not mean that your CommSec account has been compromised.

How does CommSec know whether a password has been breached?

There are millions of passwords used by people around the internet, and unfortunately, there have been various instances where hackers have stolen user IDs and passwords from certain websites or digital businesses. Sometimes, these ID and password details are published online for other hackers to try and use.

In response to these security issues, there are now databases that monitor data breaches so that individuals and legitimate businesses can tell whether a particular username or password has been involved in a data breach.

When you’re choosing a password for your CommSec account, our system will check whether your proposed password has appeared in one of the databases of breached passwords from people and businesses around the globe. If it has been breached, we’ll ask you to come up with a new one for your own security.

Unfortunately, combinations of common words and numbers often appear in the database of breached passwords. As such, you may need to use a more complex combination of letters and numbers.

Has my CommSec account been compromised?

No. If the password has been involved in a data breach this doesn’t mean that your CommSec account has been compromised. However, it could increase the chance of your account becoming compromised, because the password that you’ve used has appeared on a list of breached passwords.

What should I do?

If you use this password for other online accounts or services, you should consider changing it. We recommend choosing a strong combination of letters, numbers, and symbols.



This site is directed and available to and for the benefit of Australian residents only. © Commonwealth Securities Limited ABN 60 067 254 399 AFSL 238814 ("CommSec") is a wholly owned, but non guaranteed, subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124 AFSL 234945 and both entities are incorporated in Australia with limited liability.

By clicking on the "Download the CommSec App" buttons above, you will be directed to itunes.apple.com or play.google.com. These sites are not affiliated with CommSec and may offer a different Privacy Policy and level of security.