Investigation of the Medibank hack shows that the credentials stolen by hackers were put on a Russian-language cybercrime forum as a credential broker. Customers' credentials were sold, and other hacker groups 'infiltrated the company's network and established two backdoors, including one for redundancy in case it is identified'. Medibank has not yet revealed the amount of stolen data as it is still unclear whether multi-factor authentication was comprised or bypassed.