NATURAL NEWS

Insider breach rocks Nigeria's digital ID system as personal data is sold online

By lauraharris // 2025-08-17

• Insiders at Nigeria's National Identity Management Commission (NIMC) are reportedly selling citizens' sensitive data, including NINs, BVNs and photos, on the open market, compromising access to banking, government services and digital verification.
• Investigative journalist Timileyin Akinmoyeje uncovered a platform called NINPrint.com, which offered access to identity data for just a few hundred naira, using basic details like phone numbers.
• After funding an account and testing the service, Akinmoyeje was able to retrieve NIN and BVN information linked to Nigerian journalists, confirming that identity data could be accessed with minimal input.
• Experts warn that centralized digital ID systems, like Nigeria's, create single points of failure, where one breach can expose multiple systems and permanently compromise citizens' identities.
• Exposed data can be used for fraud, identity theft, targeted scams and even physical threats like stalking or kidnapping, with long-term emotional, financial and reputational harm to victims.

Nigeria's ambitious push toward a centralized digital identity system has hit a major roadblock, as fresh allegations point to a devastating internal breach of the country's national identity database. According to Timileyin Akinmoyeje, an investigative journalist for the Foundation for Investigative Journalism, insiders at the National Identity Management Commission (NIMC) are reportedly selling citizens' sensitive information on the open market. The leaked data includes National Identification Numbers (NINs), Bank Verification Numbers (BVNs), photographs and other personally identifiable information – exactly the type of details that provide access to banking services, government benefits and digital identity verification. Akinmoyeje began searching for other websites offering NIN or BVN verification services out of curiosity and concern after the the country's earlier XpressVerify scandal. He stumbled upon NINPrint.com, a website that branded itself as a digital identity and background check platform. NINPrint offered a wide range of services – from NIN and BVN lookups using basic personal information to bank account validation, voter card access and even "people tracking" – for just a few hundred Nigerian naira. (Related: LexisNexis DATA BREACH showcases security risks of corporate data warehouses.) With the consent of colleagues, Akinmoyeje tested the service, which required account funding. She revealed it was operated by Abbeytech Ventures, a business registered to Abdullahi Shogbanmu Abiodun. The associated phone number traced to a cybercafe that also advertised itself as a registration center for Nigeria's National Youth Service Corps. "I funded my account with ₦150 ($0.10) and attempted a few searches. Some failed and simply deducted the money. But on the fourth attempt, the platform produced results. I was able to access NIN and BVN-linked information using only phone numbers, including those of three Nigerian journalists," Akinmoyeje wrote in his article for the foundation on July 29.

Insider breach exposes millions to lifelong risk of identity theft, fraud and exploitation

The revelations have caused serious doubt on the government's ability to safeguard the very data it has centralized. "Centralized digital ID systems create a single, all-or-nothing point of trust. Once that point is breached, the consequences spread far beyond the original leak, because the same identifiers feed multiple systems, financial, governmental and even biometric verification," Ken Macon warned in a piece for Reclaim the Net. "This design means one compromised access channel can silently open doors across an entire society. Unlike a credit card number, which can be replaced, identifiers like a NIN or biometric template are permanent, locking citizens into a lifetime of exposure once stolen." Akinmoyeje also echoed a similar stance in his article, writing that "exposing sensitive information … puts individuals at risk. "Criminals can use these details to steal identities, open bank accounts, take loans or commit crimes in the victim's name. Fraudsters can also bypass some bank verification processes and carry out unauthorized transactions, potentially draining bank accounts. "This allows for more targeted scams, phishing attempts and social engineering attacks. In some cases, victims may even be blacklisted from banking services if their details are used in fraudulent transactions. "Beyond financial risks, there are physical and emotional consequences. Knowing a victim's home address and phone number could lead to harassment, stalking or even kidnapping. Victims may also face reputational damage if their stolen identities are used to commit crimes, and their personal privacy is permanently compromised." Visit CyberWar.news for similar stories about hacking, cyber attacks and data breaches. Watch this video about how to safeguard computers from viruses and hackers. This video is from the Hackers Beware channel on Brighteon.com.

More related stories:

Malware data breach exposes 16 BILLION login credentials.

Massive DATA BREACH exposes personal data of 700 million users of Microsoft-owned LinkedIn.

Xfinity notifies customers of data breach due to "software vulnerability".

Sources include: ReclaimTheNet.org FIJ.ng Brighteon.com

glitch privacy hacking personal data data breach cyber war hack dangerous leaked Nigeria data privacy information technology computing privacy watch real investigations digital ID NIMC