Kenya named among countries with highest email account breaches

A breach occurs when an email account is accessed without the owner’s permission, which can happen due to reasons such as weak passwords, falling for phishing scams, or unknowingly installing malware on a device.

Email accounts in Kenya were among the most breached globally in 2024, with cases soaring more than 40 times to 1.9 million from 40,527 the previous year, new data reveals.

The sharp rise marks the highest number of breaches in at least five years, with attacks escalating rapidly in the final quarter of the year, during which 904,817 incidents were recorded.

The data from Netherlands-based virtual private network (VPN) firm Surfshark shows that breaches of email accounts in Kenya have increased at the fastest pace in recent years, placing the country in the 78th position globally and seventh in Africa.

Over the past 20 years, Kenya has experienced 7.8 million account violations, with 7,453 incidents occurring per 100,000 people.

Surfshark also revealed that 22.9 billion online accounts have been breached since 2004, with approximately 8.3 billion linked to unique email addresses.

This means that, on a global scale, a single email address is compromised around three times on average.

“Most people use the same email for different accounts when registering online. That’s why a single email or account can be breached several times in separate cases, and some numbers may seem so high, like 22.9 billion total breached accounts,” reads the report.

The report also highlighted that 26.8 per cent of the total breached accounts do not include information about the individual’s country of residence.

This, Surfshark points out, means the number of country-specific breaches is likely much higher than the reported figures.

Surfshark noted that globally, “for every 100 people, 104 unique email addresses are breached,” and “on average, 285 accounts are breached per 100 people.”

The alarming trend highlights the growing scale of cyberattacks and the increased vulnerability of online accounts.

Experts have attributed the spike in breaches to the aftermath of mass tech job layoffs in 2022 and 2023.

They have opined that unemployed tech experts from major multinationals, with highly skilled backgrounds, have turned to online surveillance as an alternative activity.

According to Surfshark, the most notable wave of breaches in Kenya last year occurred in November when the international betting platform Lwin was hacked, causing a massive leakage of personal data, including punters’ names, phone numbers, and email addresses.

This was followed by an incident in September when a hacker, identified as Addka72424, released a collection of 3.3 billion unique email addresses, totalling 21.8 gigabytes of data from compromised websites.

The hacker described it as a “small” experiment to show how much public data is freely available.

In terms of scale, South Sudan tops Africa’s list of countries with the most breached online accounts, with 92.8 million violations over 20 years, followed by South Africa at 42.2 million.

Other countries in the region include Egypt (25.9 million), Nigeria (23.1 million), Morocco (18.7 million), and Algeria (11.6 million). On a global scale, the US leads with 4.4 billion breached email accounts, followed by Russia and China at 3.3 billion and 1.96 billion, respectively.

As cyber criminals in Kenya become more sophisticated, both public and private sectors are increasingly affected by cyberattacks.

One of the latest incidents involved a breach at the Business Registration Service (BRS), where sensitive data of over two million registered firms was leaked. The breach, which occurred on the night of January 31, 2024, was confirmed by BRS Director-General Kenneth Gathuma.

“Upon receiving information about the potential data breach, we swiftly activated our Incident Response Plan, initiated a thorough investigation, and informed the relevant regulatory authorities,” Gathuma said in a statement.

Gathuma added that BRS is working closely with its cybersecurity partner, law enforcement, and investigative agencies to assess the extent of the breach and implement containment measures.

“Our cybersecurity experts are collaborating with the necessary partners to evaluate the scope of the incident, determine any potential impact, and implement containment measures,” he said, assuring stakeholders that the primary focus remains the security and integrity of the company registry.
