Advisory Released Regarding Numerous Cybersecurity Breaches

Digital Encode Limited, a prominent information security and governance, risk, and compliance (GRC) advisory firm, has released an urgent cybersecurity advisory after a sharp rise in breaches affecting banks, government agencies, fintech companies, and other organisations in Nigeria.

Recent cyber‑threat actors have exposed data that they claim comes from both private and public institutions in the country, highlighting the need for stronger security frameworks, proactive threat monitoring, and coordinated incident‑response procedures.

According to the advisory, most of the latest attacks are not driven by sophisticated zero‑day exploits but rather by preventable weaknesses in basic security settings, credential management, and operational controls.

Signed by Digital Encode’s Chief Visionary Officer, Professor Obadare Adewale Peter, the advisory notes that attackers are increasingly targeting misconfigured systems and publicly exposed assets—such as unsecured databases, open cloud storage buckets, leaked API keys, and critical servers that are exposed to the internet. Many of these assets can be found through open repositories, cloud‑indexing tools, and even dark‑web marketplaces.

The advisory lists several key concerns: publicly accessible cloud storage that exposes sensitive customer and operational data; hard‑coded secrets in web and mobile applications, including API keys and tokens; leaked credentials in repositories and deployment artifacts; weak internal access controls and over‑reliance on single authentication layers; and the exposure of administrative endpoints, API documentation, and development environments in production.