Nikkei, the world’s largest business news outlet, which owns over 40 affiliates, including The Financial Times, and has more than 3.7 million paid subscribers and over 1.7 million daily readers, has confirmed a data breach that leaked personal information after threat actors compromised its Slack accounts.
Nikkei also owns Nikkei Asia and TV Tokyo Holding Corporation, among other television and radio stations, as well as printing, production, and marketing firms.
The publishing powerhouse disclosed that the threat actor used stolen credentials to breach Slack accounts after an employee’s computer was infected with an info-stealer malware.
Nikkei data breach leaks customer information after hackers compromise Slack accounts
Upon learning of the data breach that occurred in September, the media house responded by implementing immediate security measures and requiring mandatory password resets across the board.
According to Nikkei, the data breach leaked the victims’ names, email addresses, and chat histories of its customers. Approximately 17,368 employees and business partners were impacted after threat actors breached an employee’s Slack account, using info-stealing malware.
“An employee’s personal computer was infected with a virus, leading to the leakage of Slack authentication credentials,” the company stated. “It is believed that this information was used to gain unauthorized access to employee accounts.”
The company states that it uses Slack accounts for some operations, but did not specify which departments rely on the social media platform for communication. Many companies utilize Slack accounts to communicate with their customers, making them vulnerable to social media-based cyber attacks.
While rare, threat actors have mastered the art of using Slack accounts to distribute phishing links to compromise potential victims via the productivity platform.
Nevertheless, the Nikkei data breach did not leak sensitive information related to journalistic activities or confidential sources, which is highly sought after by despondent governments.
While Japan prides itself on its democratic processes and media freedom, journalists are under immense pressure from local and foreign governments, as well as other entities, underscoring the need to protect their personal information.
“No leakage of information related to sources or reporting activities has been confirmed. We take this incident seriously and will further strengthen personal information management to prevent any recurrence,” the company apologized for its employee’s Slack accounts being used to breach its customers’ PII.
Meanwhile, the Japanese global media giant has notified the relevant regulatory authorities of the data breach, including the country’s Personal Information Protection, despite the leaked information falling outside its jurisdiction.
“The Nikkei breach is a textbook example of the modern attack lifecycle, which pivots from a compromised endpoint directly to a high-value SaaS application,” stated Mayank Kumar, Founding AI Engineer at DeepTempo. “The initial malware infection was just a foothold. The true objective was to steal valid credentials, allowing attackers to “live off the land” and blend seamlessly into normal business activities. Once inside Slack, they appeared to be legitimate employees, rendering signature-based or rule based tools completely blind.”
Despite Nikkei not falling under the data breach reporting rules, the company voluntarily reported the incident to win its customers’ trust.
Victims may be targeted with phishing attacks
Although no sensitive personal information, such as government-issued IDs like Social Security Numbers (SSNs), driver’s license information, medical records, or credit card details, was compromised, victims are still vulnerable to spear phishing attacks.
Cybercriminals can use the victims’ names and email addresses to craft customized and compelling phishing lures, potentially leading to the leak of more sensitive personal data, such as credit card details.
Subsequently, data breach victims should remain vigilant for phishing attacks and avoid clicking on links or downloading attachments in unsolicited or unexpected emails.
Nikkei has suffered data breaches in the past, although not involving Slack accounts and other attack vectors. In 2022, Nikkei’s Singaporean subsidiary suffered a ransomware attack that leaked customer data. In 2019, Nikkei America also suffered a business email compromise (BEC) attack that cost the company $29 million.
BEC attacks involve cybercriminals impersonating business executives and tricking employees into transferring funds to accounts controlled by the threat actor.

