Your email password may already be sitting on the dark web waiting for someone to buy it. That is the blunt warning from Nigeria’s cybersecurity watchdog this week.
The Nigerian Computer Emergency Response Team, known as ngCERT, has issued a fresh advisory about the rising theft of email passwords and login details across the country. The agency says stolen email credentials are now one of the biggest tools cybercriminals use to commit fraud, steal identities, and launch phishing attacks.
According to ngCERT, billions of compromised email credentials are currently circulating online. These details are stolen during data breaches, then sold in bulk on dark web marketplaces and underground forums where criminals buy them for a few dollars at a time.
This makes email accounts one of the most attractive targets for hackers anywhere in the world, not just in Nigeria. Once a criminal buys your login details, they do not need to guess your password. They already have it.
How One Stolen Password Can Open Many Doors
Don't MIss This Article
ngCERT explained that many people use the same password across different apps and websites. This is exactly what hackers count on.
Criminals use a method called credential stuffing. This means they take stolen usernames and passwords and test them automatically across many different platforms at once. If you reuse your email password on your bank app or social media, one leak can give a hacker access to everything.
The agency warned that once your email is hacked, the damage spreads fast. Hackers can read your private messages, see your financial records, and use password reset links to break into your other online accounts too.
Don't MIss This Article
Fraud, Identity Theft, and Fake Emails From “You”
ngCERT listed several dangers that come from a hacked email account. These include identity theft, financial fraud through stolen banking details, and something called Business Email Compromise, where criminals send fake messages that look like they are from a real company or person you trust.
Because these messages come from an email address that looks genuine, they are harder to spot than normal scam messages. A hacked email can also lead to leaked personal or company data, which can damage a person’s reputation or even shut down a business for a while.
What ngCERT Wants Nigerians To Do Now
The agency gave clear advice to protect your email account. It urged Nigerians to use strong, different passwords for every account instead of repeating the same one everywhere.
ngCERT also recommended turning on Multi-Factor Authentication, often called MFA, on every account that offers it. This adds a second step, like a code sent to your phone, before anyone can log in, even if they already have your password.
The agency also suggested using a password manager to help create and store strong passwords safely. Nigerians were also encouraged to check the website Have I Been Pwned to see if their email has already been caught in a past data breach. If it has, ngCERT says you should change your password immediately and watch your accounts closely for anything unusual.
Other tips from the agency include being careful with links and attachments from unknown senders, and turning on login alerts so you get notified right away if someone tries to access your account from a new device.
For Businesses, the Advice Goes Further
ngCERT did not stop at advice for individuals. The agency also told companies to regularly check who has been logging into their systems, set up spam filters and anti-phishing tools, and train staff to spot suspicious emails before they cause harm.
It added that educating both employees and family members about safe email habits is one of the simplest ways to reduce the risk of falling victim to these attacks.
Why This Should Matter to You Today
Email is the key that unlocks almost everything online now, from your bank app to your social media to your work documents. If someone gets into your email, they may not stop there. The simplest way to stay safe right now is to stop reusing passwords, turn on MFA wherever you can, and check if your email has been part of a leak. It takes a few minutes and could save you a lot of stress later.
