Japanese media company Nikkei confirmed a security breach involving its Slack accounts, stemming from an employee’s personal computer infected with malware. The infection led to the leakage of Slack authentication credentials, which were then exploited to gain unauthorized access to employee accounts. The breach, discovered in September, exposed highly sensitive data—including names, email addresses, and chat histories—of **17,368 registered users**. While Nikkei implemented countermeasures like password resets and voluntarily reported the incident to Japan’s **Personal Information Protection Commission**, the breach underscores risks tied to non-corporate device access to confidential data. Notably, no compromise of **sources or reporting activities** was confirmed, but the exposure of internal communications and employee/customer data poses significant reputational and operational risks. The incident highlights vulnerabilities in third-party platform security (Slack) and the dangers of credential theft via infected personal devices.
TPRM report: https://www.rankiteo.com/company/nikkei
{
  "id": "nik1702217110725",
  "linkid": "nikkei",
  "type": "Breach",
  "date": "9/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '17,368',
'industry': 'Media/Publishing',
'location': 'Japan',
'name': 'Nikkei Inc.',
'type': 'Media Company'}],
'attack_vector': 'Malware Infection (via Personal Device)',
'customer_advisories': 'Public disclosure via statement; no direct customer '
'advisories mentioned.',
'data_breach': {'data_exfiltration': 'Likely (Unauthorized Access Confirmed)',
'number_of_records_exposed': '17,368',
'personally_identifiable_information': 'Yes (Names, Email '
'Addresses)',
'sensitivity_of_data': 'Moderate (Names, Email Addresses, '
'Chat Histories)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Communication Data']},
'date_detected': '2023-09',
'description': 'Japanese media company Nikkei confirmed a security breach of '
'its Slack accounts, potentially leaking highly sensitive '
'information from over 17,000 users. The breach occurred after '
'an employee’s personal computer was infected with a virus, '
'leading to the leakage of Slack authentication credentials. '
'Unauthorized access was gained to employee accounts, exposing '
'names, email addresses, and chat histories of 17,368 '
'individuals. The incident was identified in September, and '
'countermeasures such as password changes were implemented. '
'Nikkei voluntarily reported the incident to Japan’s Personal '
'Information Protection Commission, confirming no leakage of '
'information related to sources or reporting activities.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Voluntary '
'Disclosure to Regulators)',
'data_compromised': ['Names', 'Email Addresses', 'Chat Histories'],
'identity_theft_risk': 'Low to Moderate (PII Exposed)',
'systems_affected': ['Slack Accounts']},
'initial_access_broker': {'entry_point': 'Employee’s Personal Computer '
'(Malware Infection)',
'high_value_targets': ['Slack Authentication '
'Credentials']},
'investigation_status': 'Ongoing (Incident Identified in September; No '
'Further Updates)',
'lessons_learned': 'Risks associated with allowing non-corporate devices to '
'access confidential corporate data; importance of robust '
'authentication and endpoint security for '
'remote/work-from-home setups.',
'post_incident_analysis': {'corrective_actions': ['Password resets for '
'affected accounts.',
'Voluntary reporting to '
'regulatory body '
'(transparency measure).',
'Likely review of remote '
'access and BYOD (Bring '
'Your Own Device) '
'policies.'],
'root_causes': ['Use of personal (non-corporate) '
'device for accessing corporate '
'Slack accounts.',
'Inadequate endpoint security '
'leading to malware infection.',
'Weak authentication mechanisms '
'(credentials compromised).']},
'recommendations': ['Enforce stricter policies on the use of personal devices '
'for corporate access.',
'Implement multi-factor authentication (MFA) for Slack '
'and other critical platforms.',
'Enhance endpoint detection and response (EDR) '
'capabilities to prevent malware infections.',
'Conduct regular security awareness training for '
'employees on phishing and malware risks.',
'Monitor and audit third-party/remote access to corporate '
'systems.'],
'references': [{'source': 'Nikkei Official Statement'}],
'regulatory_compliance': {'regulatory_notifications': ['Japan’s Personal '
'Information '
'Protection Commission '
'(Voluntary Report)']},
'response': {'communication_strategy': 'Public Statement & Voluntary '
'Regulatory Disclosure',
'containment_measures': ['Password Resets'],
'incident_response_plan_activated': 'Yes (Password Changes '
'Implemented)'},
'title': 'Nikkei Slack Account Security Breach',
'type': 'Data Breach / Unauthorized Access',
'vulnerability_exploited': 'Weak Authentication Credentials / Use of '
'Non-Corporate Devices'}