A report by the cybersecurity firm Surfshark shows that at least 119,000 user accounts in Nigeria have been compromised so far in 2025.
The company ranks Nigeria third in Sub-Saharan Africa for total breaches since 2004, with 23.2 million compromised accounts.
A data breach occurs when an intruder copies and leaks user data, such as names, surnames, email addresses, passwords, etc.
Surfshark’s analysis indicates an 85% drop in the number of leaked accounts in Nigeria from Q4 2024 to Q1 2025, in line with a global trend that saw leaked accounts plunge 93% year-on-year, from 973.7 million in Q1 2024 to just 68.3 million in Q1 2025. Still, on average, one Nigerian account has been leaked every minute in 2025.
Of these, 7.3 million are unique email addresses, meaning the average user’s email has been leaked multiple times.
Around 13 million passwords were exposed alongside Nigerian accounts. This puts 56 per cent of affected users at risk of account takeover, identity theft, extortion, or other cybercrimes. Statistically, 10 out of every 100 Nigerians have been reportedly impacted by data breaches.
Surfshark’s analysis shows that 280 accounts are breached per 100 people globally.
According to the report, the country ranks 54th globally for breaches in the year’s first quarter.
Additionally, 94 unique email addresses per 100 people have been exposed.
The most significant company-related data breach in Nigeria this decade occurred in September 2024, when a hacker identified as Addka72424 released a dataset containing 3.3 billion email addresses.
Though global, the leak included 2,555,642 Nigerian accounts. The hacker described it as a “small” experiment to show how much data is freely available online.
In Nigeria, though, data breaches dropped by 93 per cent in Q1 2025 compared to the previous quarter.
The 10 most breached countries were the United States, Russia, India, Germany, Spain, the UK, France, Canada, Argentina, and South Sudan.
The countries with the highest breach density – measured by leaked accounts per 1,000 residents – were South Sudan, Spain, the US, Germany, Slovenia, Israel, the UK, France, Russia, and Norway.
Although the number of vulnerable accounts in all major regions decreased in Q1 2025 compared to the previous quarter, people should remain vigilant.
Cyberthreats continue to evolve, and attackers are constantly adapting their tactics,” said Luís Costa, Research Lead at Surfshark.
He advised that it was essential to follow strong security practices, regularly update passwords, enable two-factor authentication, and stay informed about potential risks to protect personal and organisational data.
