A Hacker Just Put Nearly One Million Nigerians' Loan Data Up for Sale
You applied for a loan and submitted your ID, your bank statement, your selfie and your next of kin. Now someone is selling all of that online.
Think about everything you submitted the last time you applied for a loan. Your passport, bank statements, BVN, next of kin's phone number, selfie, salary details and signed agreement with the company.
Now imagine all of that, yours and nearly one million other people's, sitting on a cybercrime forum right now, available for anyone willing to pay the right price.
According to threat intelligence reports that surfaced on April 25, 2026, that is exactly what may have happened to customers of Fast Credit Finance Company Limited, a CBN-licensed microfinance lender operating in Nigeria.
A threat actor using the name “iProfessor” is allegedly offering 870 gigabytes of stolen data for sale on a popular cybercrime forum. The dataset reportedly contains 939,887 records and is being sold to a maximum of five buyers only. Limiting buyers is deliberate. It keeps each copy exclusive, drives up the price and ensures the data retains value long enough to be exploited.
The breach was first flagged by Dark Web Informer, a threat intelligence account on X, which described it as one of the biggest hacks in Nigeria's financial sector. Fast Credit, the CBN and the Nigeria Data Protection Commission have all made no public statement as of the time of writing.
The alleged stolen data goes far beyond names and phone numbers. It includes government-issued ID scans, bank statements, loan records, signed contracts, customer correspondence, next of kin details and personal selfies. In cybersecurity language, that complete package is called a fullz, everything needed to steal someone's identity, take loans in their name or drain their accounts entirely.
Of particular concern is that a notable portion of the records allegedly belong to Nigerian police officers, meaning their home addresses and personal details could now be in very dangerous hands.
What You Should Do Right Now?
If you have ever borrowed from Fast Credit, treat your data as potentially compromised. Change your banking passwords immediately. Enable two-factor authentication on every financial app. Be suspicious of any calls or messages asking you to verify your details and warn your next of kin, their information may be in that file too.
Techblit Note
TechBlit is reporting the allegation as reported by verified threat intelligence sources and corroborated by multiple credible Nigerian technology and business outlets. No official confirmation has been issued by Fast Credit Finance Company Limited, the CBN or the NDPC. TechBlit will update this article as new information becomes available.
Do you think Nigerian financial institutions are taking data security seriously enough?