At least 119,000 Nigerian user accounts have already been compromised in 2025, according to a new report by cybersecurity firm Surfshark, raising fresh concerns over data security despite a significant global decline in breach incidents.
The report places Nigeria third in Sub-Saharan Africa for total data breaches since 2004, with over 23.2 million compromised accounts. It also highlights that, so far this year, one Nigerian account has been breached every minute.
A data breach occurs when sensitive user information such as names, emails, and passwords is illegally accessed, copied, or leaked. In Nigeria, over 13 million passwords have been exposed, alongside 7.3 million unique email addresses, indicating that many users have had their credentials leaked multiple times.
According to Surfshark, the first quarter of 2025 saw an 85% drop in breached accounts in Nigeria compared to the last quarter of 2024. This mirrors a wider global trend, where the number of leaked accounts plunged from 973.7 million in Q1 2024 to just 68.3 million in Q1 2025 a 93% year-on-year decrease.
Despite the drop, the scale of historical breaches remains concerning. The report notes that 10 out of every 100 Nigerians have been affected by data breaches. On a global scale, the breach density is even more staggering, with 280 accounts breached per 100 people.
In terms of breach volume for Q1 2025, Nigeria ranks 54th globally, while 94 email addresses per 100 Nigerians have been exposed in total since tracking began.
One of the most notable data breaches impacting Nigeria occurred in September 2024, when a hacker identified as Addka72424 leaked a massive dataset containing 3.3 billion email addresses worldwide including 2.55 million from Nigeria. The hacker reportedly called the leak a “small experiment” to demonstrate how much data is freely available online.
While the global breach numbers have decreased, Surfshark cautions against complacency.
“Although the number of vulnerable accounts dropped in all major regions this quarter, cyberthreats are evolving, and attackers are constantly adapting,” said Luís Costa, Surfshark’s Research Lead.
He urged individuals and organisations to adopt strict cybersecurity habits, including:
- Regularly updating passwords
- Enabling two-factor authentication
- Staying informed on emerging digital threats
The countries with the highest breach volumes in Q1 2025 were the United States, Russia, India, Germany, and Spain. South Sudan topped the list for breach density, followed by Spain, the U.S., and Germany.
