At least 10 out of every 100 Nigerians have fallen victim to data breaches since 2004, according to a new report by global cybersecurity firm Surfshark, raising serious concerns about the country’s long-standing vulnerability to cyber threats.
Surfshark’s research is based on data gathered from 29,000 publicly available databases. Each unique breached email address is treated as a separate user account, and breaches often include additional personal data such as passwords, phone numbers, IP addresses, and postal codes. The data was anonymised before analysis, and countries with populations under one million were excluded from the study.
Findings of the report revealed that a staggering 23.2 million Nigerian user accounts have been compromised in the past two decades, an alarming figure in a country with an estimated population of over 230 million. This includes 7.3 million unique email addresses and 13 million passwords leaked into the public domain.
“Cyberattacks remain a persistent and growing threat globally, and Nigeria is no exception,” Surfshark stated in its analysis.
Despite a significant 85 per cent drop in new data breaches in the first quarter of 2025, falling from the previous quarter’s numbers—Nigeria still recorded over 119,000 breached accounts during the period. This places the country 34th worldwide in total breach volume.
Even with the recent decline, the scale and depth of past breaches remain troubling. According to the report, 56 percent of Nigerian users affected by breaches are at heightened risk of identity theft, extortion, and unauthorised access to their online accounts.
“In Q1 2025 alone, an estimated one Nigerian account was breached every minute,” Surfshark noted.
The global picture also shows a dramatic shift: the number of leaked accounts dropped 93 percent year-on-year—from nearly 974 million in Q1 2024 to just 68.3 million in Q1 2025. Countries with the highest number of breaches include the United States (16.9 million), Russia (4.4 million), and India (4.2 million).
However, when adjusted for population, smaller nations like South Sudan, Spain, and Slovenia reported the highest breach density, with South Sudan recording 61 breached accounts per 1,000 residents.
Surfshark’s research lead, Luís Costa, warned that the downturn in breach numbers should not lead to a false sense of security.
“Cyberthreats are constantly evolving, and attackers are adapting their tactics. Strong security practices, frequent password updates, and enabling two-factor authentication remain essential,” Costa stated.
The report underscores the urgent need for improved cybersecurity infrastructure and public awareness in Nigeria, as millions remain exposed to potential exploitation due to past breaches.
