Nigeria recorded over 150,000 compromised accounts in the first half of 2025, even as data breaches fell significantly in the second quarter.
This is according to a report by cybersecurity firm Surfshark, which also revealed that breaches in Nigeria dropped by 73% between Q1 and Q2, from 120,000 to 31,800 incidents.
Despite the decline, the total number of affected users still signals ongoing vulnerability in the country’s digital ecosystem.
“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web,” said Product Manager at Surfshark, Sarunas Sereika.
Nigeria ranks 3rd in Sub-Saharan Africa for breaches
Surfshark’s data shows that Nigeria has experienced 23.3 million breached accounts since 2004, making it the third most affected country in Sub-Saharan Africa.
- Out of this number, about 13 million accounts had passwords leaked, putting 56% of users at risk of account takeover, extortion, or identity theft.
- The report also noted that 7.3 million unique Nigerian email addresses have been exposed in various leaks.
- Statistically, 10 out of every 100 Nigerians have been affected by a data breach at some point, highlighting the scale of the problem and the urgent need for better digital safeguards.
While the Q2 decline in Nigeria is a positive sign, the sheer number of compromised accounts shows that data breaches remain a persistent threat.
Global data breaches rise sharply in Q2 2025
On the global stage, the number of leaked accounts jumped from 70 million in Q1 to 94 million in Q2, a 34% increase.
The United States led with 42.5 million compromised accounts, followed by France (11.4 million), India (1.7 million), Germany (1.3 million), and Israel (1.2 million).
When adjusted for population, France had the highest breach density in Q2 with 172 leaked accounts per 1,000 residents. It was followed by Israel (130), the US (123), Singapore (26), and Canada (24).
“Cyberthreats are constantly evolving, and attackers are adapting their tactics. Strong security practices, frequent password updates, and enabling two-factor authentication to remain essential,” Surfshark stated in the report.
How the breaches were tacked
Surfshark said its findings were based on data collected from 29,000 publicly available databases, which were aggregated and anonymized before analysis.
- Each email address was treated as a separate account, with some leaks also including sensitive data like passwords, phone numbers, IP addresses, and zip codes.
- The report excludes countries with fewer than one million residents and aims to provide a statistical overview of the growing threats to digital identity and data security.
