
Financial Times owner Nikkei announced on Tuesday that hackers had infiltrated its networks via an employee’s Slack account, exposing sensitive information about business partners and the Slack chat histories of over 17,000 individuals.
Nikkei Inc., Japan's largest financial news outlet and one of the world's leading digital media houses, posted the news on its website on Tuesday, stating that one of its employees' personal computers had been “infected with a virus, leading to the leakage of Slack authentication credentials.”
“The incident was identified in September,” Nikkei said.
It appears that the hackers used the employee’s Slack credentials as a gateway to gain unauthorized access to employee accounts – potentially leaking the chat histories of a whopping 17,368 individuals registered on the business messaging platform.
The company said it uses “some of its operations” on Slack in its own words, stating it uses Slack for "some of its operations," although it did not specify which departments or subsidiaries, only that “countermeasures such as changing passwords were implemented.”
“The Nikkei breach is a textbook example of the modern attack lifecycle, which pivots from a compromised endpoint directly to a high-value SaaS application,” says Mayank Kumar, Founding AI Engineer at DeepTempo.
“The initial malware infection was just a foothold. The true objective was to steal valid credentials, allowing attackers to 'live off the land' and blend seamlessly into normal business activities,” Kumar warns.
"Once inside Slack, they appeared to be legitimate employees, rendering signature-based or rule-based tools completely blind," Kumar adds.
Chat history today, phishing attacks tomorrow, expert warns
According to the Tokyo-headquartered media conglomerate, information on employees and business partners may have been exposed, including names, email addresses, and chat histories.
Dr. Darren Williams, Founder and CEO of ransomware prevention firm BlackFog, says the breach at Nikkei “underscores how attackers are exploiting everyday collaboration tools to infiltrate organizations and steal data.”
“Platforms like Slack – now essential to business operations – are increasingly prime targets for credential theft and lateral movement once inside,” Williams explains.
And although not a traditional ransomware attack, Williams points out that stolen information has become the real leverage.
“The exposure of thousands of names, emails, and chat histories gives attackers valuable intelligence for future phishing and social engineering campaigns,” he said.
“Even when data doesn’t meet strict legal definitions of ‘personal information,’ the reputational and operational fallout can be severe. True cyber resilience now depends on detecting and stopping data exfiltration in real time, because once the data leaves your network, the damage is already done,” Williams said.
Nikkei partners are worldwide in many industries
Nikkei Inc., which acquired the Financial Times in 2015 for $1.3 billion, also produces The Nikkei, Japan's top business newspaper, with a daily circulation of over 1.7 million and more than three million digital subscribers, according to the company.
First published in 1876, the flagship paper – full name “Nihon Keizai Shimbun,” which translates to “Japan Economic Newspaper” – is known for the well-trusted and respected “Nikkei 225,” a stock market index of the top-rated 225 companies on the Tokyo Stock Exchange that has been printed since the 1950s.
With over 51 domestic news bureaus and 37 overseas offices, Nikkei has employees worldwide from Singapore and New York, to London and China.
So far, Nikkei said there has been no indication that any information related to sources or reporting activities has been leaked.
Nikkei additionally owns the international publication Nikkei Asia and the TV Tokyo Holding Corp, among roughly three dozen other business publications, TV and radio stations, printing, production, marketing, and research entities.
Nikkei said it had voluntarily reported the breach to Japan’s Personal Information Protection Commission due to its “significance and to ensure transparency.”
“We take this incident seriously and will further strengthen personal information management to prevent any recurrence,” the company said.