Nigeria Faces Alarming Cybersecurity Threats: Over 23 Million Accounts Compromised
A report by global cybersecurity firm Surfshark has revealed that a shocking 10% of Nigerians have fallen victim to data breaches since 2004, illuminating the country’s ongoing exposure to cyber threats. This revelation underscores serious concerns regarding Nigeria’s cybersecurity infrastructure and the increasing vulnerability of its digital landscape.
Surfshark’s analysis draws on data from approximately 29,000 publicly accessible databases, treating each unique breached email address as an individual user account. Often, these breaches reveal sensitive information, including passwords, phone numbers, IP addresses, and postal codes. It’s noteworthy that data was anonymized prior to the analysis, and the study omitted countries with populations below one million to focus on more significant data patterns.
The findings are stark; an estimated 23.2 million Nigerian user accounts have been compromised over the past two decades, a troubling statistic given the nation’s population of over 230 million. This figure includes 7.3 million email addresses and approximately 13 million passwords that have entered the public domain.
In its report, Surfshark highlights the alarming rise of cyberattacks, stating, "Cyberattacks remain a persistent and growing threat globally, and Nigeria is no exception." Even with an 85% decline in new data breaches reported in the first quarter of 2025, Nigeria still logged over 119,000 compromised accounts, ranking the country 34th globally in breach volume.
Despite this decrease, the remnants of previous breaches present a daunting challenge. The report indicates that 56% of Nigerian users affected by breaches now face heightened risks of identity theft, extortion, and unauthorized access to their online accounts. Surfshark estimated that during the first quarter of 2025, a Nigerian account was breached roughly every minute.
Globally, the landscape has shifted significantly; the number of leaked accounts plummeted by 93% year-on-year, from nearly 974 million in Q1 2024 to just 68.3 million in Q1 2025. Notable countries experiencing high breach numbers include the United States with 16.9 million compromised accounts, Russia at 4.4 million, and India with 4.2 million.
However, when taking population size into account, smaller nations such as South Sudan, Spain, and Slovenia exhibited the highest breach densities. South Sudan, for instance, reported 61 breached accounts for every 1,000 residents.
Luís Costa, Surfshark’s research lead, cautions against complacency despite the recent downturn in breach numbers, stating, "Cyberthreats are constantly evolving, and attackers are adapting their tactics." He emphasizes that robust security practices—including regular password updates and enabling two-factor authentication—are essential for safeguarding digital assets.
This report serves as a clarion call for Nigeria, highlighting the pressing need for stronger cybersecurity measures and increased public awareness to shield citizens from potential exploitation stemming from these breaches. The existing vulnerabilities emphasize the urgency for business leaders to adopt better cybersecurity practices and stay informed about the evolving threat landscape.
In the context of MITRE ATT&CK, common adversary tactics that may have been employed in these incidents include initial access through phishing attacks, persistence via installed malware, and privilege escalation techniques to access sensitive accounts. These tactics reflect the sophisticated methods cybercriminals use to exploit vulnerabilities, placing additional emphasis on the necessity of comprehensive security strategies for organizations operating within Nigeria’s digital ecosystem.
