Nigeria Faces Major Cybersecurity Crisis with 24.1 Million Compromised Accounts

Severity: High (Score: 66.0)

Sources: Itweb.Co.Za, Guardian.Ng

Summary

A Surfshark report reveals that Nigeria has recorded 24.1 million compromised user accounts since 2004, making it the third most affected country in Sub-Saharan Africa. In the first quarter of 2026 alone, 281,500 accounts were leaked, ranking Nigeria as the 34th most breached nation globally. The report indicates that 7.5 million unique email addresses and approximately 13 million passwords linked to Nigerian users have been exposed. Cyber threats have intensified, with risks including identity theft and financial fraud. The National Information Technology Development Agency (NITDA) has issued a warning about a new AI-powered malware named DeepLoad, which targets banks and government agencies through social engineering techniques. DeepLoad can infiltrate systems, steal sensitive information, and evade detection. The malware's persistence mechanism allows it to remain active even after removal attempts, posing a significant risk to Nigerian users. Key Points: • Nigeria has 24.1 million compromised accounts since 2004, with 281,500 in Q1 2026. • DeepLoad malware targets Nigerian banks and government agencies using AI and social engineering. • Over half of breached Nigerian users remain vulnerable to identity theft and financial fraud.

Key Entities

• Data Breach (attack_type)
• Liberty (company)
• Polmed (company)
• South African Police Service (company)
• Standard Bank (company)
• Stats SA (company)
• Brazil (country)
• France (country)
• India (country)
• Nigeria (country)
• South Africa (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• Financial (industry)
• Government (industry)
• DeepLoad (malware)
• T1003 - OS Credential Dumping (mitre_attack)
• T1047 - Windows Management Instrumentation (mitre_attack)
• Chrome (tool)
• Firefox (platform)