Nikkei Suffers Breach Via Slack Compromise

TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTogether, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.The Japanese media giant said thousands of employee and business partners were impacted by an attack that compromised Slack account data and chat histories.November 5, 2025Japanese media conglomerate Nikkei Inc. on Tuesday disclosed a data breach that exposed data and chat histories for more than 17,000 employee Slack accounts.Nikkei, based in Tokyo, owns several newspapers, television stations, and media outlets, including the Financial Times. In its breach disclosure, the company said an "unauthorized external login" occurred in its Slack workspace."An employee's personal computer was infected with a virus, leading to the leakage of Slack authentication credentials," the disclosure read, via Google Translate. "It is believed that this information was used to gain unauthorized access to employee accounts. The incident was identified in September, and countermeasures such as changing passwords were implemented."The breach highlights once again how corporate communications platforms represent potentially rich attack surfaces for threat actors.The compromise of a single employee Slack account led to reams of internal data getting exposed to attackers. "Potentially leaked information includes the names, email addresses, and chat histories for 17,368 individuals registered on Slack," Nikkei said in a statement. The company said both employees' and business partners' data were affected by the breach, though it's unclear how many third parties were impacted. Dark Reading contacted Nikkei for comment but the company did not respond. Related:SonicWall Firewall Backups Stolen by Nation-State ActorIt's also unclear what other kinds of information and data may be contained in those chat histories. Cybersecurity experts this year have warned about sensitive data such as trade secrets potentially being exposed in resources beyond code repositories and development environments, such as Salesforce instances and Slack channels.Nikkei also stated that no leakage of information related to journalist sources or reporting activities had been confirmed. The company also emphasized that personal information used for reporting and writing is not subject to Japan's laws for personal information protection. "Considering the incident's significance and to ensure transparency, we voluntarily reported it to the Personal Information Protection Commission," Nikkei said. The compromise of Nikkei's Slack data marks the latest cyberattack against the Japanese media giant. In 2019, the company suffered a $29 million loss in a business email compromise (BEC) attack that tricked an employee into transferring funds into attacker-controlled accounts.In 2022, Nikkei Group Asia, a subsidiary based in Singapore, was struck by a ransomware attack. In a disclosure for the attack, the company said the incident began with unauthorized access to a server at the headquarters, which was later infected with an unspecified type of ransomware. Related:Iran's Elusive "SmudgedSerpent' APT Phishes Influential US Policy WonksRob WrightSenior News Director, Dark ReadingRob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends. Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area. 2025 DigiCert DDoS Biannual ReportDigiCert RADAR - Risk Analysis, Detection & Attack ReconnaissanceThe Total Economic Impact of DigiCert ONEIDC MarketScape: Worldwide Exposure Management 2025 Vendor AssessmentThe Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025How AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesYou May Also LikeNov 13, 2025How AI & Autonomous Patching Eliminate Exposure RisksThe Cloud is No Longer Enough: Securing the Modern Digital PerimeterSecuring the Hybrid Workforce: Challenges and SolutionsCybersecurity Outlook 2026Threat Hunting Tools & Techniques for Staying Ahead of Cyber AdversariesPKI Modernization WhitepaperEDR v XDR v MDR- The Cybersecurity ABCs ExplainedHow to Chart a Path to Exposure Management MaturitySecurity Leaders' Guide to Exposure Management StrategyThe NHI Buyers GuideCopyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.