Nigeria recorded more than 150,000 compromised user accounts in the first half of 2025, according to a new report by cybersecurity firm Surfshark, raising concerns over the country’s persistent exposure to digital threats despite a significant drop in breach incidents during the second quarter.
The report revealed that data breaches in Nigeria dropped sharply by 73%, from 120,000 cases in Q1 to 31,800 in Q2.
While this decline marks a positive development, experts warn that the overall figures still signal enduring vulnerabilities in the nation’s digital infrastructure.
“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web,” said Sarunas Sereika, Product Manager at Surfshark.
With 23.3 million breached accounts since 2004, Nigeria ranks third in Sub-Saharan Africa in terms of total compromised accounts, behind South Africa and Kenya.
The report further indicates that about 13 million of these accounts had passwords exposed, putting 56% of users at risk of identity theft, extortion, or account takeovers.
Despite the drop in Q2 figures, analysts caution that the scale of cumulative breaches shows that cyberattacks remain a persistent national threat, demanding more robust security frameworks and user awareness.
While Nigeria saw improvement in Q2, the global picture worsened. Worldwide, the number of leaked accounts surged by 34%, from 70 million in Q1 to 94 million in Q2.
Top countries by volume of compromised accounts: United States – 42.5 million; France – 11.4 million; India – 1.7 million; Germany – 1.3 million; Israel – 1.2 million.
READ ALSO: ‘Account for security votes spending, invite EFCC, ICPC’, SERAP tells 36 governors
When adjusted for population size, France had the highest breach density at 172 leaked accounts per 1,000 residents, followed by Israel (130), the U.S. (123), Singapore (26), and Canada (24).
Surfshark said its findings were derived from over 29,000 publicly accessible data sets, with email addresses used as identifiers. Many breaches also included sensitive information such as passwords, phone numbers, IP addresses, and zip codes.
The report excluded countries with fewer than one million residents and aimed to offer a comprehensive view of the rising global threat to digital identity and cybersecurity.
“Cyberthreats are constantly evolving, and attackers are adapting their tactics. Strong security practices, frequent password updates, and enabling two-factor authentication remain essential,” the firm advised.
The warning comes as Nigeria continues to expand its digital economy, prompting calls for stronger data protection regulations, increased cybersecurity education, and faster enforcement of digital protection laws to safeguard citizens and businesses alike.
Business6 days ago
Crime1 week ago
Business1 week ago
Latest3 days ago
Politics1 week ago
Latest4 days ago
Education1 week ago
Business4 days ago