A new report by cybersecurity firm Surfshark has revealed that over 119,000 user accounts in Nigeria have already been breached in 2025, underscoring the persistent threat of cyberattacks despite a global decline in data leaks.
According to the report, Nigeria ranks third in Sub-Saharan Africa for the highest number of total breaches since 2004, with more than 23.2 million compromised accounts recorded.
While data breaches in the country dropped by 85% between the last quarter of 2024 and the first quarter of 2025, the volume of exposed data remains alarming. Surfshark noted that, on average, one Nigerian account has been leaked every minute this year.
The report further revealed that 7.3 million of the compromised accounts were tied to unique email addresses, suggesting that many individuals had their data leaked multiple times. Additionally, about 13 million passwords were exposed, placing 56% of affected Nigerians at greater risk of identity theft, extortion, or account takeovers.
Statistically, 10 in every 100 Nigerians have fallen victim to data breaches, while 94 unique email addresses have been leaked per 100 people nationwide.
One of the most notable breaches cited occurred in September 2024, when a hacker identified as Addka72424 leaked 3.3 billion email addresses globally, including over 2.5 million belonging to Nigerians. The hacker described the action as a “small experiment” to expose the extent of personal data freely accessible online.
Globally, the number of breaches has declined sharply—down 93% from 973.7 million in Q1 2024 to 68.3 million in Q1 2025—but Surfshark warned that the threat landscape is constantly shifting.
“Cyberthreats continue to evolve, and attackers are constantly adapting their tactics,” said Luís Costa, Research Lead at Surfshark.
He advised individuals and organisations to improve their online safety by using stronger passwords, enabling two-factor authentication, and staying alert to emerging cyber risks.
