Hackers Steal Slack Credentials in Nikkei Data Breach

Japanese media conglomerate Nikkei Inc., publisher of The Nikkei and owner of the Financial Times, disclosed a cybersecurity incident involving the theft of Slack credentials that exposed sensitive data belonging to thousands of employees and business partners.

The breach, which was discovered in September 2025, highlights the growing threat of infostealer malware and the risks associated with using personal devices for corporate communication and collaboration platforms.

How the Breach Occurred

According to Nikkei’s official statement, the attack began when malware on an employee’s personal computer captured Slack credentials. The stolen login details were then used by threat actors to gain unauthorized access to internal Slack accounts belonging to multiple Nikkei employees.

Once inside the company’s Slack workspace, the attackers extracted:

• Employee names and email addresses

• Business partner contact details

• Chat logs and communication histories

In total, information associated with over 17,000 Slack users was compromised.

Importantly, Nikkei confirmed that no evidence suggests any breach of editorial sources or confidential reporting materials, ensuring that journalistic integrity and source protection remain intact.

Investigation and Response

Upon detecting the intrusion, Nikkei initiated a comprehensive investigation and reset all affected passwords. The company stated that it has strengthened internal access controls and implemented stricter cybersecurity hygiene measures to prevent similar incidents in the future.

Although the nature of the leaked information did not legally require notification under Japan’s data protection laws, Nikkei voluntarily reported the breach to the Personal Information Protection Commission (PPC) out of an abundance of caution and transparency.

Broader Context: Infostealers Targeting Communication Platforms

The attack on Nikkei is part of a broader global trend. Infostealer malware — designed to harvest login credentials, session tokens, and browser-stored passwords — has become a major weapon in cybercrime.

According to cybersecurity intelligence firm Hudson Rock, infostealer campaigns have compromised over 270,000 Slack credentials worldwide, demonstrating the widespread abuse of business communication platforms as entry points into corporate systems.

These malware strains are often distributed through phishing emails, malicious downloads, or compromised websites, silently collecting authentication data from unsuspecting victims.

Lessons for Organizations

The Nikkei incident underscores key cybersecurity lessons for businesses relying on collaborative cloud tools:

1. Limit corporate access from personal devices and enforce endpoint protection policies.

2. Implement multi-factor authentication (MFA) for all internal communication platforms.

3. Monitor credential theft activity through threat intelligence feeds.

4. Train employees on phishing and malware awareness.

By strengthening identity security and monitoring user behavior, organizations can reduce the risk of infostealer-driven breaches and protect sensitive communication environments.