The total number of breached accounts in Nigeria between 2004 and the first half of 2025 stands at 23.3 billion.
Out of this number, about 13 million accounts had passwords leaked, putting 56 per cent of users at risk of account takeover, extortion, or identity theft, according to data released by Cybersecurity firm Surfshark on Thursday.
The report contains an interactive map, country comparisons, quarterly and country-level trends, regional analyses, and other leaked data point statistics, including the number of accounts copied, transmitted, viewed, and stolen from data holders.
According to the report, most people use the same email for different accounts when registering online. “That’s why a single email or account can be breached several times in separate cases, and some numbers may seem so high (like 23.1billion total breached accounts); 26.6 per cent of the total breached accounts did not contain information about a person’s country of residence, “it pointed out.
Since 2004, Surfshark said, “ A total of 23.1 billion accounts have been breached, and approximately 7.7 billion of them have unique email addresses. That means that, on a global scale, a single email address is breached around three times, 94 unique emails.
“For every 100 people, 94 unique email addresses are breached. On average, 281 accounts are breached per 100 people.”
Meanwhile, the global cybersecurity report also disclosed that 13 million Nigerians’ passwords were leaked in various breaches over the years.
The report added that more than 150,000 Nigerian accounts were compromised in just the first half of 2025. While the number of incidents dropped sharply between the first and second quarters, from 119,000 in Q1 to 31,800 in Q2, with a 73 per cent decline, the cumulative data signals widespread vulnerability and underlines the urgency of cybersecurity reform.
“Out of this number, 13 million Nigerian accounts had passwords leaked,” the report stated, placing 56 per cent of the country’s affected users at risk of account takeover, identity theft, extortion, or exposure to phishing attacks.
The report added that 7.3 million unique Nigerian email addresses have been exposed in leaks tracked so far.
Invariably, it means 10 out of every 100 Nigerians have had their data compromised at some point, a trend Surfshark describes as a significant threat to personal privacy, digital trust, and national cybersecurity readiness.
“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web,” said a product manager at Surfshark, Sarunas Sereika.
Although Nigeria recorded fewer breaches in Q2, the global situation worsened. Leaked accounts jumped from 70 million in Q1 to 94 million in Q2, a 34 per cent increase. The United States led the chart with 42.5 million breached accounts, followed by France (11.4 million), India (1.7 million), Germany (1.3 million), and Israel (1.2 million).
The firm disclosed, “Cyberthreats are constantly evolving, and attackers are adapting their tactics. Strong security practices, frequent password updates, and enabling two-factor authentication remain essential.”
