Why Kenyans are prime targets for hackers, according to a cybersecurity expert [Interview]

If you’re one of those people who uses the same password for your email, Netflix, and M-Pesa app, this one’s for you. 

According to Timothy Mocho, an IT specialist and cybersecurity expert, Kenyans are walking around with digital “time bombs”  and most don’t even know it.

“Massive data breaches happen every single day,” Mocho tells the news desk. “It’s not just big companies being hacked, it’s everyday users whose logins are floating somewhere on the dark web.”

He recalls one of the most infamous breaches in 2014, when Apple’s iCloud was hacked and celebrities’ private photos were leaked online. “What many people missed,” he says, “is that thousands of regular users also had their data exposed. The same thing can happen to any Kenyan with an internet connection.”

Wondering if your credentials are already out there? Mocho recommends starting with websites like haveibeenpwned.com or DataBreach.com.

“These sites let you check if your email or password has appeared in known data breaches,” he explains. “If it has — don’t panic. Just act fast.”

Being pwned means your personal information, like your email or password, has been exposed in a data breach. 

It doesn’t always mean a hacker is inside your account at that exact moment, but it does mean your details are out there, and could be used to break into your other accounts, especially if you reuse passwords.

He adds that there are physical warning signs too. “If your phone or laptop suddenly starts running hot, slows down, or has strange apps you didn’t install, it might be compromised. In that case, see a technician or do a hard reset.”

Mocho says Kenya’s high internet penetration and obsession with social media make us prime targets.

 “We love being online, but we’re careless with passwords,” he says. “Once a hacker gets hold of one password, they’ll try it everywhere — from your TikTok to your bank app.”

And what do they do once they’re in? “Anything from scamming your contacts to stealing money or personal data. They could even lock you out of your own accounts.”

The moment you find out your data has been leaked, Mocho says you must change all your passwords immediately. Then set up multifactor authentication, that’s your real shield.

He also debunks the myth that complex passwords alone are enough.

“People think replacing letters with numbers helps, like M1ch@3l. If that’s your name or your kid’s, it’s not safe. Hackers can guess that easily.”

Mocho is all for using password managers. “They’re safer and smarter,” he says.

“They generate strong passwords and keep them secure so you don’t have to remember a dozen of them. You just protect that one master passphrase with two-factor authentication.”

As for biometrics, facial and fingerprint recognition, Mocho calls them the most secure but not flawless.

“They’re fast, convenient, and hard to fake,” he says. “But if your biometric data is ever leaked, there’s no changing it. You can’t exactly replace your face or fingerprints.”

He adds that technology biases still exist. “Some scanners struggle with certain skin tones or older users. And if the tech fails, say a power outage or a bug,  you’re locked out.”

Mocho’s biggest takeaway is that online safety isn’t just for techies.

“Don’t wait until your account is hacked to start caring,” he says. “Change your passwords regularly, use two-factor authentication, and be alert. Cybersecurity is a habit, not a one-time fix.”

So next time you’re tempted to reuse that one trusty password, remember: hackers are always watching, and your data is worth more than you think.