The first thing Sarah* knew about her identity being hacked was when a man turned up on her parents' doorstep asking for the sexual services he'd paid for online.
Then, things got even crazier.
Former identity theft victims have shared how their details were used to steal luxury vehicles, take out personal loans in their name and hock fake goods online, because criminals got hold of the kinds of information millions of Australians are believed to have had compromised in the latest Medibank and Optus hacks.
Sarah says her parents answered the door to a man one night who said he'd been on a hook-up site and had paid for certain services.
The person he paid showed him a copy of Sarah's ID, which had her parents' address on it.
They had to tell him that he'd been swindled.
Sarah believes the way her identity became hijacked wasn't something she could have foreseen.
While living in Melbourne, she sent a photo of her licence to a real estate agent applying for a lease, and that image was somehow then uploaded into a gallery of property photos featured on that agent's website.
That image was taken and shared on highly public websites like Pinterest, kicking off the nightmare that she's still living today — a series of seemingly endless criminal acts carried out in her name.
"Probably the most shocking and stressful part was just seeing my licence there on Google for anyone to use," Sarah said.
"It was extremely stressful, not knowing what the repercussions were, what I'd lost out of this, whether there was any financial loss or risk to myself."
During this period, another man turned up at her parents' house saying he'd paid $1,000 for a PlayStation, and the person selling it had shown a picture of her drivers licence.
"He rocked up having transferred the money and obviously wasn't receiving his PlayStation," she said.
Then the credit card application letters began to arrive.
When Sarah checked her credit history, she found applications for "basically every financial institution and every telecommunication company" in existence.
A friend contacted her saying they had seen her licence published online, which is when Sarah realised the extent of how compromised her identity had become.
She tried to put a stop to the fraud, but every time she closed one account the hydra would rear its head with another financial institution.
"Initially, I spent days and days going through my credit file, calling up every banking institution that had had credit applications," she said.
"It's a very emotionally stressful thing that I don't want to put any more of my life into."
The ABC contacted Pinterest, a US-based service which touts itself as a "visual discovery engine", to ask why it was still hosting Sarah's licence image on its site but it did not respond prior to deadline.
Fast cars and no tolls
Sydney man Dave doesn't know how his details got out into the world.
But someone managed to make a "very bad" copy of his licence and use it to take out a loan to buy a car worth more than $70,000.
"The first I found out was that I started to get toll notices. I got heaps of these over a period of weeks, and I couldn't really resolve it," he said.
Then, one Friday about 3am, he got a call from the police.
"They've stopped someone driving this car and asked me whether I was lending it to them. And so obviously, I explained that it wasn't mine."
Despite this he was then contacted by debt collectors — a law firm demanding payment of the debt for the car within four days.
"It seems quite incredible that on the basis of a copy of my licence, that had a JP stamp on it but it was illegible, that they were able to go borrow this money and then buy this car," he said.
Dave considers himself lucky — because NSW Police were already looking into the case they spoke to the law firm and they stopped contacting him.
But he says he worries about others who may now be subject to such a threat.
"It could have been quite a different situation if I hadn't had that access to that detective or I'd been out of the country," Dave said.
"I think I was actually very lucky to get away with it and not have any further sort of ramifications."
Moving house to escape the bad debts piling up
NSW woman Nadine was shocked at the number of successful credit applications criminals made in her name, just by using her licence number and date of birth.
She already had an alert on her credit report set up when her details were compromised, so received a notification.
When she pulled her credit history she found about $9,000 in applications for personal loans and services like Afterpay.
The personal loans weren't successful but small credit providers did hand over cash.
She had to go to court to obtain an order stating she'd been a victim of identity fraud, as well as spending hours on the phone and emailing companies about the debts.
Nadine was so worried about criminals using her address as part of these applications, she moved house.
"I think it also just helps with the reclaiming your identity to actually be able to say, 'no, I have not lived at that address for quite some time,'" she said.
"To prove that, yes, that was a stolen drivers licence that they utilised."
She said she spent hours contacting firms to update her credit history.
"That was a really lengthy process, but I knew that's what I had to do because my credit rating is important to me," Nadine said.
"I don't even have a credit card and I don't ever intend on having one, and these type of applications can really harm your credit rating.
"I didn't want them registered in my name."
She also placed a ban on her credit file to stop further applications, but it means whenever she wants credit it's not a simple process.
"I went to Telstra one afternoon and said, 'I'll apply to move to Telstra'. They go to do the credit check and I completely forgot that I had a freeze on my credit report.
"And I felt like I was being punished for having a bad credit rating."
* Sarah's name was changed to protect her privacy.