More Than 150,000 Nigerian Online Accounts Breached in Early 2025 Despite Drop in Cyberattacks

In the first six months of 2025, over 150,000 online accounts belonging to Nigerians were compromised in cyberattacks, raising new concerns about the nation’s digital security. This is according to a new report by cybersecurity company Surfshark, which highlights both progress and ongoing threats in Nigeria’s battle against data breaches.

Although Nigeria saw a notable decline in the number of breaches between the first and second quarters of 2025 — a 73% drop to be exact, the sheer volume of affected users paints a worrying picture. In the first quarter alone, over 119,000 breaches were recorded. By Q2, that number had dropped to about 31,800, but it still leaves Nigeria among the most affected nations in Sub-Saharan Africa.

The report not only reveals trends in cyberattacks but also underscores the pressing need for individuals and organizations in Nigeria to take digital security more seriously.

Nigeria has been no stranger to data breaches over the past two decades. Since 2004, more than 23 million online accounts in the country have been compromised. This puts Nigeria in third place in Sub-Saharan Africa in terms of total data breach incidents, trailing only behind South Africa and Kenya.

Even more alarming is the fact that out of those 23 million exposed accounts, nearly 13 million had their passwords leaked. That means over half of the affected users, around 56% — were left vulnerable to malicious activities like identity theft, blackmail, or having their accounts hijacked.

In practical terms, that could mean someone gaining unauthorized access to a personal email account, social media profiles, online banking apps, or cloud storage. And in some cases, that data may even be sold on dark web marketplaces, where stolen information is traded like digital currency.

The report further notes that 7.3 million unique Nigerian email addresses have appeared in leaked datasets over the years. Whether through phishing scams, malware infections, or hacked databases, the email exposure rate is alarmingly high.

To put this in perspective: for every 100 Nigerians using the internet, 10 have already had their information compromised at some point. It’s a wake-up call not just for everyday users, but also for businesses and public institutions that handle sensitive customer data.

While Nigeria may have seen a short-term improvement in Q2, global data breach numbers are moving in the opposite direction. Worldwide, the number of compromised accounts rose from 70 million in the first quarter to 94 million in the second — a 34% increase in just three months.

The United States remains the most affected country with 42.5 million breaches in Q2 alone. France follows with 11.4 million, then India with 1.7 million, Germany with 1.3 million, and Israel with 1.2 million.

When adjusted for population size, France recorded the highest breach density: 172 leaked accounts per 1,000 residents. Israel followed with 130, then the US with 123, Singapore with 26, and Canada with 24.

These figures suggest that cybercriminals are evolving their methods and widening their targets, not just focusing on large countries, but also going after smaller ones with significant digital footprints.

Sarunas Sereika, Product Manager at Surfshark, explained that digital convenience often comes with a hidden cost.

“In today’s world, we rely heavily on the internet for everyday tasks, from shopping and banking to healthcare and communication. All of this requires us to share personal information. Unfortunately, when that data falls into the wrong hands, it can be used to impersonate, scam, or exploit us,” he said.

To carry out its research, Surfshark analyzed data from over 29,000 publicly accessible databases that had been breached. The data was anonymized and aggregated, focusing primarily on email addresses but also including other personal information such as phone numbers, IP addresses, zip codes, and passwords.

Each email address counted as one compromised account. In cases where multiple data points were exposed alongside the email, the risks to users were even greater.

The report does not include countries with fewer than one million people, as the aim is to provide a broader statistical understanding of how widespread and dangerous digital breaches have become globally.

Given the growing sophistication of cyber threats, experts say it’s more important than ever for Nigerians to adopt proactive digital safety habits.

These include:

• Using strong and unique passwords for each online account

• Changing passwords regularly and avoiding reuse across platforms

• Enabling two-factor authentication (2FA) wherever possible

• Being cautious about clicking links in emails or text messages

• Avoiding the use of unsecured Wi-Fi networks for sensitive transactions

• Regularly checking if your email or data has been exposed using tools like “Have I Been Pwned”

Additionally, both public and private institutions in Nigeria are being urged to invest in stronger data protection infrastructure and ensure compliance with the Nigeria Data Protection Act. Regulatory bodies like the Nigeria Data Protection Commission (NDPC) have already begun sanctioning companies for lax data practices, and enforcement is expected to become more aggressive in the coming years.

The sharp drop in Q2 breaches is a promising development, but the overall numbers remain far too high to be ignored. With millions of Nigerian users still vulnerable, the country cannot afford to let its guard down.

Digital transformation is unstoppable, but it must go hand in hand with digital security. For a country like Nigeria, where mobile adoption and internet access are growing rapidly, the time to build safer online systems and smarter users is now.