More than 150,000 Nigerian user accounts were compromised in the first half of 2025, despite a sharp drop in reported data breaches in the second quarter. This is according to a new report by cybersecurity firm Surfshark, which highlights the ongoing challenges facing Nigeria’s digital security landscape.
The report shows that data breaches in Nigeria fell by 73% between Q1 and Q2, dropping from 120,000 to 31,800 incidents. While the decline is encouraging, cybersecurity experts warn that the total number of affected users still reflects deep vulnerabilities within the country’s digital infrastructure.
“Today’s digital age requires all of us to share more and more personal information to carry out daily tasks. In the wrong hands, this data can be used to commit identity theft, for targeted scams, or sold on the dark web,” said Sarunas Sereika, Product Manager at Surfshark.
Since 2004, Nigeria has recorded 23.3 million breached accounts, making it the third most affected country in Sub-Saharan Africa. Of this total, 13 million accounts were found to have leaked passwords, putting 56% of users at risk of account takeover, identity theft, or blackmail. In addition, over 7.3 million unique Nigerian email addresses have been exposed in various leaks. On average, 10 out of every 100 Nigerians have been affected by a data breach, underscoring the urgent need for stronger digital protections.
While Nigeria saw a decline in Q2, global data breaches rose significantly. The number of leaked accounts worldwide surged from 70 million in Q1 to 94 million in Q2 2025—a 34% increase. The United States led with 42.5 million compromised accounts, followed by France (11.4 million), India (1.7 million), Germany (1.3 million), and Israel (1.2 million). When adjusted for population, France had the highest breach density in Q2 with 172 leaked accounts per 1,000 residents, followed by Israel (130), the U.S. (123), Singapore (26), and Canada (24).
“Cyberthreats are constantly evolving, and attackers are adapting their tactics,” Surfshark noted. “Strong security practices, frequent password updates, and enabling two-factor authentication remain essential.”
Surfshark’s findings are based on data drawn from over 29,000 publicly available breached databases, which were anonymized and aggregated for analysis. Each email address was treated as a separate account, with many leaks also exposing passwords, phone numbers, IP addresses, and postal codes. The report excludes countries with populations under one million and aims to provide a statistical overview of global trends in data breaches and the growing risks to digital identity.
