Despite a recent drop in reported data breaches, Nigeria remains dangerously exposed in the global cybersecurity landscape, with the passwords of 13 million citizens leaked in various breaches over the years.
This alarming figure was revealed in a new report by cybersecurity firm Surfshark, which shows that Nigeria continues to battle a persistent and evolving digital security crisis.
The report, released on Thursday, disclosed that more than 150,000 Nigerian accounts were compromised in just the first half of 2025. While the number of incidents dropped sharply between the first and second quarters, from 119,000 in Q1 to 31,800 in Q2, a 73 percent decline, the cumulative data signals widespread vulnerability and underlines the urgency of cybersecurity reform.
Read also: Nigeria’s tax reform: Implications for the ICT and cybersecurity sector
In total, Nigeria has recorded 23.3 million breached accounts since Surfshark began tracking such incidents in 2004, making it the third most affected country in Sub-Saharan Africa after South Africa and Kenya.
“Out of this number, 13 million Nigerian accounts had passwords leaked,” the report stated, placing 56 percent of the country’s affected users at risk of account takeover, identity theft, extortion, or exposure to phishing attacks. The report added that 7.3 million unique Nigerian email addresses have been exposed in leaks tracked so far.
Statistically, 10 out of every 100 Nigerians have had their data compromised at some point, a trend Surfshark describes as a major threat to personal privacy, digital trust, and national cybersecurity readiness.
“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web,” said Sarunas Sereika, product manager at Surfshark.
Although Nigeria recorded fewer breaches in Q2, the global situation worsened. Worldwide, leaked accounts jumped from 70 million in Q1 to 94 million in Q2, a 34 percent increase. The United States led the chart with 42.5 million breached accounts, followed by France (11.4 million), India (1.7 million), Germany (1.3 million), and Israel (1.2 million).
When adjusted for population, France topped breach density with 172 accounts leaked per 1,000 residents, followed by Israel (130), the U.S. (123), Singapore (26), and Canada (24).
The Surfshark findings reinforce long-standing concerns about Nigeria’s cybersecurity infrastructure. Despite recent legislative efforts, such as the Nigeria Data Protection Act, enforcement remains inconsistent, and digital hygiene among users is generally weak.
Read also: Flaw in Microsoft SharePoint sparks global cybersecurity concern
The report’s data was gathered from over 29,000 publicly available breached databases and anonymized for statistical analysis. Each compromised email address was treated as an individual account, with many also exposing sensitive details like passwords, phone numbers, IP addresses, and zip codes.
Surfshark emphasized that most breaches stemmed from weak security practices, including reusing passwords, poor access controls, and lack of two-factor authentication.
“Cyberthreats are constantly evolving, and attackers are adapting their tactics. Strong security practices, frequent password updates, and enabling two-factor authentication remain essential,” the company said.
