Nigeria Records Over 150,000 Compromised Accounts in H1 2025 Despite Drop in Data Breaches — Surfshark Report

More than 150,000 Nigerian online accounts were compromised in the first half of 2025, according to a new report by cybersecurity firm Surfshark. Despite a significant 73% drop in breaches between Q1 and Q2 — from 120,000 to 31,800 incidents — the findings highlight Nigeria’s persistent vulnerability to cyber threats.

The report paints a mixed picture: while the downward trend in Q2 offers hope, the volume of exposed personal data still poses serious concerns for individual users and the broader digital ecosystem.

Nigeria Ranks 3rd in Sub-Saharan Africa for Total Breaches

Surfshark revealed that Nigeria has suffered 23.3 million breached accounts since 2004, placing it third in Sub-Saharan Africa in terms of cumulative impact.

• 13 million of those compromised accounts involved password leaks.
• 7.3 million unique Nigerian email addresses have been exposed across multiple breaches.
• Statistically, 1 in 10 Nigerians has experienced at least one data breach — a troubling indicator of the country’s cybersecurity weaknesses.

“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web,” said Sarunas Sereika, Product Manager at Surfshark.

Breaches May Be Falling, But Risk Remains High

Though the drop in Q2 breaches in Nigeria is a welcome development, experts warn against complacency.

“Cyberthreats are constantly evolving, and attackers are adapting their tactics,” Surfshark stated in the report. The firm emphasized the importance of:

• Using strong, unique passwords,
• Regularly updating credentials,
• And enabling two-factor authentication (2FA) to better secure accounts.

The report also urged Nigerian authorities and private tech firms to invest in stronger digital infrastructure, public awareness campaigns, and more robust data protection policies.

Nigeria vs the World: Where Do We Stand?

Globally, data breaches surged 34% in Q2 2025, with leaked accounts increasing from 70 million in Q1 to 94 million in Q2.

Top five countries by volume of compromised accounts in Q2:

1.     United States – 42.5 million

2.     France – 11.4 million

3.     India – 1.7 million

4.     Germany – 1.3 million

5.     Israel – 1.2 million

When adjusted for population size, France ranked highest in breach density, with 172 leaked accounts per 1,000 people, followed by:

• Israel (130 per 1,000),
• U.S. (123),
• Singapore (26),
• Canada (24).

How Surfshark Compiled the Data

Surfshark’s analysis is based on data from 29,000 publicly available breached databases. The firm treated each email address as a distinct account, regardless of how many times it appeared across multiple leaks.

• In many cases, breached records included not just emails and passwords, but also phone numbers, IP addresses, and location data.
• Countries with populations under one million were excluded to ensure statistical accuracy.

The Bigger Picture

While Nigeria has shown a promising dip in breach numbers for Q2, experts warn that this does not necessarily signal an end to the crisis.

“Cybercrime in Nigeria is not just a tech problem — it’s a national security and economic risk. Citizens’ digital identities are being harvested and weaponized,” said one local cybersecurity analyst reacting to the report.

As Nigeria continues its digital transformation — with increasing reliance on online platforms for banking, healthcare, education, and communication — the stakes for cybersecurity have never been higher.