Despite a recent dip in reported data breaches, Nigeria remains one of the most exposed countries in the global cybersecurity landscape, with the passwords of over 13 million citizens leaked across numerous incidents over the years. A new report by cybersecurity firm Surfshark highlights the growing urgency of digital protection, warning that Nigeria is still grappling with a serious and persistent security threat.
According to the report released on Thursday, more than 150,000 Nigerian accounts were compromised in just the first half of 2025. Although breaches sharply declined between the first and second quarters—from 119,000 in Q1 to 31,800 in Q2, marking a 73 percent drop—the broader picture remains troubling. Since Surfshark began tracking breaches in 2004, Nigeria has recorded 23.3 million compromised accounts, making it the third most affected country in Sub-Saharan Africa after South Africa and Kenya.
Of those affected, 13 million accounts were found to have leaked passwords, placing more than half of Nigeria’s compromised users at risk of identity theft, extortion, phishing, and other malicious attacks. The report also notes that 7.3 million unique Nigerian email addresses have been exposed, further deepening concerns about digital vulnerability.
Surfshark’s data suggests that roughly 10 out of every 100 Nigerians have had their personal data compromised at some point—an alarming statistic that underscores the country’s fragile cybersecurity posture. “In today’s digital world, the more information we share, the greater the risk of it falling into the wrong hands,” said Sarunas Sereika, a Surfshark product manager, warning that such data is often exploited for identity fraud or sold on the dark web.
While Nigeria saw fewer breaches in Q2 2025, the global picture was less optimistic. Worldwide, leaked accounts surged from 70 million in Q1 to 94 million in Q2, a 34 percent increase. The United States led with 42.5 million compromised accounts, followed by France (11.4 million), India (1.7 million), Germany (1.3 million), and Israel (1.2 million).
When adjusted for population, France recorded the highest breach density, with 172 accounts leaked per 1,000 residents, followed by Israel (130), the U.S. (123), Singapore (26), and Canada (24).
The Surfshark report brings renewed focus to Nigeria’s weak digital infrastructure and lax enforcement of data protection laws. While the recent Nigeria Data Protection Act is a step forward, inconsistent enforcement and poor digital hygiene among users remain serious challenges.
The findings were based on analysis of over 29,000 publicly available breached databases, using anonymized data for statistical insights. Each email address was treated as an individual account, many of which also exposed passwords, phone numbers, IP addresses, and other sensitive details.
Surfshark emphasized that most of these breaches could have been prevented with better digital practices. The report points to repeated password use, inadequate access control, and lack of two-factor authentication as key weaknesses. “Cyberthreats evolve rapidly. Basic protections like strong passwords and two-factor authentication are no longer optional—they are essential,” the company stressed.
As digital dependence grows across Nigeria, the need for serious investment in cybersecurity awareness, infrastructure, and law enforcement remains more urgent than ever.