How to check if my super account has been compromised?

How can I check if my superannuation account has been compromised?#

To check if your superannuation account has been compromised, log in to your super fund’s online portal and verify your account details - especially your recent activity, contact information, and linked bank account. If anything looks unfamiliar or has been changed without your knowledge, it may be a sign of unauthorized access. You should also look out for alerts from your fund and contact their support team directly if you notice anything unusual.

Here’s what you should do:

Step-by-step checklist:#

• Log in to your super fund's online account via their official website or mobile app (avoid links in emails).
• Check your recent activity (e.g., login times, withdrawals, contact updates).
• Verify your personal details such as email, phone number, and bank account.
• Look for suspicious changes like updates to your beneficiary list or transfer attempts.
• Enable multi-factor authentication (MFA) if your fund offers it.

Funds like AustralianSuper and Rest have already notified affected members and urged everyone to take precautionary steps. Even if you haven’t been contacted, it's crucial to stay vigilant.

---

How Super Accounts Were Compromised#

The recent cyberattack on Australian superannuation funds was primarily executed through a method called credential stuffing, where attackers used stolen usernames and passwords from unrelated data breaches to log in to super accounts.

What to Look Out For#

Even if no funds were stolen from your account, compromised login credentials could allow attackers to:

• Change your email, phone number, or postal address
• Update your linked bank account
• Modify beneficiaries
• Attempt unauthorized withdrawals if you're eligible for drawdown (commonly over 60)

Super funds like AustralianSuper, Rest, and Insignia Financial have reported such suspicious activities, and in some cases, users were locked out of their accounts or saw erroneous balances.

Why It’s Important to Act Now#

Attackers are becoming more sophisticated. Even if you're not affected now, they may test your credentials again in the future. Because many Australians rarely log in to their super accounts, fraudulent changes can go unnoticed for weeks or even months.

That's why all members - especially those aged 60+ who may be in drawdown - should:

• Review accounts regularly
• Use a unique password
• Never reuse passwords across services
• Set up MFA

If you're unsure about anything, do not click on links in messages claiming to be from your fund. Instead, call them using a phone number on their official website.

---

Read the full article#

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →