Nikkei Suffers Breach Via Slack Compromise
Summary
Japanese media conglomerate Nikkei disclosed a data breach after an “unauthorised external login” into its Slack workspace. The incident, traced to malware on an employee’s personal computer that leaked Slack authentication credentials, exposed names, email addresses and chat histories for 17,368 Slack-registered individuals, including employees and some business partners. The company detected the incident in September, implemented measures such as password changes, and reported the matter to Japan’s Personal Information Protection Commission. Nikkei said it has found no evidence that journalist sources or reporting-related personal information were leaked.
Key Points
- An infected personal PC leaked Slack authentication credentials, enabling unauthorised access to the workspace.
- Potentially exposed data includes names, email addresses and chat histories for 17,368 Slack accounts.
- Both employees and business partners were affected; the exact number of third parties impacted is unclear.
- Nikkei detected the incident in September, changed passwords and voluntarily reported it to the Personal Information Protection Commission.
- The company says there is no confirmed leak of journalist sources or reporting-related personal information.
- This follows prior incidents: a 2019 business email compromise (BEC) that cost $29M and a 2022 ransomware attack on a Nikkei subsidiary.
Content Summary
The breach began when malware on an employee’s personal computer resulted in the theft of Slack authentication credentials. Attackers used those credentials to access Slack accounts and extract chat histories and account details. Nikkei’s disclosure, translated into English, states the incident was identified in September and immediate countermeasures like password resets were taken. The scope covers thousands of internal accounts and some external partners; details about the contents of chat logs remain unclear. Nikkei emphasised that no leak of journalist-source information has been confirmed and reported the incident to regulatory authorities for transparency.
The article frames the incident as another example of how enterprise collaboration platforms can become high-value attack surfaces, and notes Nikkei’s recent history of security incidents including a costly 2019 business email compromise and a 2022 ransomware event.
Context and Relevance
This breach matters because it shows how a single compromised endpoint — here, a personal laptop — can cascade into thousands of exposed conversations and contact records across an organisation and its partners. For media companies the stakes are particularly high given the sensitivity of communications, and for security teams it underlines the need for stronger endpoint controls, multifactor authentication coverage, credential protection and tighter admin oversight of collaboration tools.
More broadly, the incident ties into wider trends: attackers increasingly target collaboration platforms, and organisations continue to struggle with shadow IT and the security of personal devices used for work. Regulators are watching, so voluntary reporting to authorities like the Personal Information Protection Commission is notable.
Why should I read this?
Because it’s a neat, worrying reminder that one dodgy laptop can spill thousands of chats. If you care about protecting company comms, partner data, or journalists’ safety, the practical lessons here — lock down endpoints, enforce MFA, monitor admin access and assume Slack channels contain sensitive stuff — are worth a minute of your time.
