Nikkei Suffers Slack Breach After Employee PC Malware Infection

Nikkei Inc., one of Japan’s largest business news publishers, disclosed that its internal Slack workspace suffered unauthorized access due to the malware infection of an employee’s personal computer.

The breach is believed to have resulted in the exfiltration of authentication credentials, raising concerns over the potential leakage of sensitive internal communication and personal information.

The company first detected the unauthorized access in September after identifying anomalous logins to employee Slack accounts. Upon investigation, it was determined that the infected PC had leaked the user’s Slack credentials, which were subsequently used to gain access to the internal business chat environment. In response, Nikkei implemented immediate containment measures, including password resets and access reviews.

According to the company’s statement, up to 17,368 individuals may be affected. Leaked information potentially includes full names, email addresses, and chat histories stored within the Slack workspace. Nikkei clarified that, although internal communications were compromised, there is no evidence that any information related to journalistic sources or editorial materials was accessed or leaked during the breach.

Nikkei Inc. is a major Japanese media organization known for its economic and financial reporting. It operates the Nihon Keizai Shimbun, one of Japan’s most prominent newspapers, and maintains numerous domestic and international editorial and business operations, including ownership of the Financial Times. The Slack platform is used internally by Nikkei employees for day-to-day communication and coordination.

Though Japanese law does not mandate reporting of personal data breaches related to information gathered for editorial purposes, Nikkei voluntarily notified the Personal Information Protection Commission in the interest of transparency. The company emphasized its commitment to reinforcing data protection measures and preventing recurrence, citing the seriousness of the incident.

No public leaks or direct exploitation of the exposed data have been observed as of the time of writing, but the incident serves as a reminder of the risks associated with using personal devices to access corporate communication platforms.