Nigeria’s Fintech Security Shock: ₦677M Stolen, 900K PII Records Leaked, 3TB of Data Exposed

Three major breaches rocked Nigerian fintech recently. FCMB lost ₦677 million due to an API logic flaw. Sterling Bank faced a leak of personally identifiable information for over 900,000 customers. Remita accidentally exposed 3TB of archival data in a public cloud bucket. At FCMB, attackers exploited a reconciliation gap in the Payattitude integration. They launched “zero balance” transactions that bypassed funding checks. The system flagged the theft only after ₦3.5 billion was attempted, but hackers withdrew ₦677 million before controls kicked in. Sterling Bank’s breach targeted an Oracle WebLogic Server vulnerability. The middleware misconfiguration let hackers bypass authentication and extract 2.2GB of customer data. Scammers can now use real account details for advanced social engineering attacks. Remita’s incident stemmed from a public S3 bucket misconfiguration. Anyone with the endpoint could download 3TB of files. Exposed data included KYC documents, database exports, security keys, and developer blueprints. This leak offers a roadmap for future attacks on connected financial systems.

Use The App To Win ₦1m

Stories are shared by community members. This article does not represent the official view of NaijaWorld — the author is solely responsible for its content.