Categories
Cybersecurity Digital Economy

Digital Identity Theft (1): The First Violation

Digital identity theft
Digital identity theft

Chapter 1: The First Violation – Digital Identity Theft

– What It Took, What It Meant, and Why It Matters

This is the first in a five-part series on digital identity theft, automated systems, and platform accountability, drawn from my own experience and viewed through my work in technology policy and data protection.

In February 2026, my phones were stolen.

That was the first violation.

It has been a bizarre experience. While this piece is from the technology policy and data angle, I may write about other aspects in future.

Was it just about theft. No, not at all. It revealed something far larger.

The stolen devices were used to access one of my long-established social media accounts. The attackers changed the account name. They replaced the name I had used professionally for years with an entirely different identity. They also replaced my profile photograph, changing the image of a Black Nigerian man to that of a white woman. Not unexpectedly, some close contacts reached out to ask what was going on. I kept others informed.

Indeed, it was not subtle compromise.

It was visible and to an extent embarassing. It was total visible takeover.

They did not simply access messages or harvest credentials. They rewrote the visible identity attached to my account and occupied it as if it belonged to someone else.

That distinction matters.

This was not merely account compromise. This went further. It was digital identity theft.

What Was Taken First

The first loss was physical: two phones.

Like many cases of device theft, my immediate concerns were practical:  communication disruption, loss of access, interruption of work, protection of vital data, and the challenge of replacing tools that had become central to both daily life and professional activity. I often wonder, before GSM: how did we survive without mobile phones?

But the real loss was not the hardware.

The real loss began when the stolen devices became trusted authentication channels.

Once the attackers gained access, they changed core identity markers attached to my account:

  • account name
  • profile image
  • account presentation
  • associated trust signals

The result was more than unauthorized access.

My identity was overwritten in a public digital space where I had spent years building professional credibility, advocacy work, and trusted relationships. Pure, unadulterated, digital identity theft!

What Digital Identity Actually Means

The phrase social media account does tell the full story. In fact, it often minimizes what is at stake.

For many professionals today, especially across Africa and the Global South, a digital profile is not just a communication tool. It has become part of professional infrastructure. It has become essential for personal and work activities.

It supports:

  • professional credibility
  • knowledge sharing
  • stakeholder engagement
  • advocacy
  • collaboration
  • public reputation
  • business and career opportunities
  • personal and professional networking

In my own work across ICT policy, innovation, digital development, and public advisory, my digital identity is not separate from my professional life. It is part of how people know my work, engage with my ideas, and connect to the initiatives I have built through Jidaw and Jidaw.com.

When the attackers changed my account identity, they were not simply vandalizing a profile page.

They disrupted continuity between my name, my work, my audience, and the professional history attached to that identity.

The damage was social, economic, and institutional. It was professional, yet personal.

Beyond Passwords: The Deeper Problem

The first questions people ask are predictable:

  • Was there a strong password?
  • Was device PIN enabled?
  • Was two-factor authentication active?
  • Was the SIM protected?
  • Was biometric access enabled?

These are valid questions.

But they address only one layer of security.

The deeper issue is system design.

My experience has made something clear: digital identity protection cannot depend solely on personal precautions. Platform architecture determines whether someone with temporary device possession can convert that access into effective identity control.

A secure system must assume devices can be stolen.

That means the critical issue is not only how users secure access, but how platforms prevent identity reassignment after compromise.

This includes:

  • identity continuity controls
  • suspicious profile change detection
  • recovery trust verification
  • rollback protections
  • post-compromise restoration

When these systems are weak, user safeguards become insufficient. My experience has shown that more needs to be done. Much more!

Digital trust is not only about what I secure.

It is also about what platforms are designed to prevent.

Why Device Theft Became Digital Identity Theft

Most major platforms operate on a trust model centered around authenticated devices.

Once a device is recognized, access is treated as legitimate. The system assumes continuity between device possession and account ownership.

That assumption is fragile. It is mistaken.

When my phones were stolen, the systems involved continued to trust whoever held them.

At that point, the attackers were able to:

  • access accounts
  • alter profile data
  • change recovery contacts
  • reset credentials
  • establish persistence
  • trigger automated trust loops

Once recovery details are changed, the platform’s internal record begins to reflect the attacker’s version of the account.

I still knew exactly who I was.

The platform no longer necessarily agreed.

And once corrupted records become the reference point, proving legitimate ownership becomes much harder than most people imagine.

The Human Cost of Identity Seizure

Physical theft has a clear boundary.

Something is taken. It is gone. The event is identifiable.

Digital identity theft is different.

The harm continues after the theft.

The attacker’s changes remain in the system.

The false identity becomes the visible version of who you are. Contacts, colleagues, institutions, and professional networks may encounter that altered identity before correction becomes possible. While some noticed the discrepancy and have reached out via alternative channels, what about those who have no other way to contact me?

That is what makes it so disorienting.

The loss is not only access.

It is displacement.

I was not just locked out of an account.

My digital presence still active, but it was no longer representing me.

The system was also now referencing someone else’s changes as though they were legitimate.

That creates a particular kind of helplessness that is difficult to understand until it happens to you.

Why This Matters for Policy

My experience reinforced something I have argued professionally for years:

identity compromise is no longer only a cybersecurity issue.

It is a public policy issue.

As digital grows, as the digital economy expands, more professional, financial, and civic participation depends on digital identity. Failures in identity continuity affect:

  • employment
  • public trust
  • professional credibility
  • access to services
  • legal accountability
  • civic participation

This matters particularly in urban environments, where device theft is common. Many platform recovery systems are however not designed around that lived reality.

Technology systems are often built for efficiency and scale.

But real people live inside exceptions.

And when those exceptions become common, they stop being exceptions.

They become governance failures.

Is the platforms’ governance failing us?

In the next chapter, I will write about what happened after the compromise: recovery attempts, identity verification, automated responses, and what it means when legitimate evidence is assessed against corrupted platform records.

Chapter 2 — Doing Everything Right examines recovery systems, identity verification, and why legitimate users can still fail platform trust checks after compromise.

Author: Jide Awe

Science, Technology and Innovation policy advisor.

Nigeria’s Inaugural Tech Mentor of the Year

Find him on LinkedIn:
Jide Awe on LinkedIn

Find him on Threads:
@iamjidaw

Find him on Twitter:
@jidaw

Cybercrime in Nigeria – The Foreign Factor Driving Digital Crime

Cybersecurity