Share this article on:
Darknet checks join multifactor authentication to keep NSW residents secure online.
Service NSW announced overnight that it is adding a new security feature to its online portal.
The announcement was made via email to MyServiceNSW customers late on 25 October.
“On 26 October 2023, we’re launching new security features that will help you better protect your identity information from cyber criminals,” the email read.
From today, when customers log into their MyServiceNSW accounts, the site will automatically check for leaked passwords and email combinations on the darknet. If any leaked information is found, the customer will be informed and prompted to change their password.
“Your information is protected and not disclosed to anyone during this security check,” Service NSW noted.
Customers whose details have been leaked will be informed both within their account and via email, being told: “Your email address and password combination [were] leaked by another website. Cyber criminals might be able to access or use your account.”
On the Leaked Passwords page of the Service NSW website, the agency does note that it has not leaked any passwords and that it is more concerned with details affected by other data breaches.
“Service NSW is not responsible for leaking email address and password combinations to the dark web. They were leaked by other websites and published on the dark web,” the website said.
“We have measures in place to ensure our systems and customer information are secure. If a data breach or cyber attack were to occur, we would work closely with Cyber Security NSW, ID Support NSW and other partners to directly notify and support any customers affected.”
Service NSW also noted that this feature does not “identify how email address and password combinations were leaked”.
We have reached out to Service NSW for more information on how exactly these darknet searches work and what sources might be being monitored.