Media Giant Nikkei Inc. Discloses Slack Breach Affecting 17,000 Accounts

What happened

Japanese media conglomerate Nikkei Inc. reported that hackers accessed employee and business partner accounts on its internal Slack workspace by using credentials stolen from a malware-infected employee computer. The breach was discovered in September, and the company states that the leaked data includes the names, email addresses, and chat histories of 17,368 individuals registered on Slack. Nikkei also said the leaked data does not include confidential sources or reporting materials.

Who is affected

At least 17,000 people, primarily employees and business partners of Nikkei, had their personal information exposed. While the company indicates that the leaked information doesn’t fall under Japan’s Personal Information Protection Law threshold for mandatory disclosure, Nikkei voluntarily notified the country’s Personal Information Protection Commission.

Why CISOs should care

  • This incident highlights the risk posed by credential theft through malware and how a single infected endpoint can lead to widespread access across collaboration platforms.
  • Even organizations not traditionally viewed as high-risk (like media firms) can be targeted and must treat internal collaboration tools (Slack, Teams, etc.) as high-value attack surfaces.
  • The incident highlights the importance of logging and monitoring chat platforms, as well as the need for rapid detection of lateral movement within collaboration environments.

3 practical actions for CISOs

  1. Audit and strengthen endpoint hygiene: Ensure all devices with access to enterprise collaboration tools have endpoint protection and malware detection, that strong MFA is in place, and that credential hygiene is enforced (e.g., no reused passwords, privileged access minimized).
  2. Monitor collaboration platform activity: Establish logging and anomaly detection on Slack/Teams (e.g., large data exports, unusual user logins from new IP addresses, or third-party integrations behaving anomalously). Ensure that collaboration logs are fed into your SIEM or UEBA.
  3. Apply zero-trust access to collaboration tools: Segment access to collaboration platforms and enforce conditional access (location, device posture, session risk). Consider restricting or monitoring third-party workspace apps, and ensure credentials tied to such platforms are treated with the same rigor as corporate identity systems.
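
As an illustration of action 2, the sketch below flags logins from an IP address not previously seen for a user and bursts of file downloads within a short window. It is an added example, not code from Nikkei, Slack, or the original article; the event shape, the action names `user_login` and `file_downloaded`, the thresholds, and all sample data are assumptions to map onto your own audit log export.

```python
from collections import defaultdict

# Constructed sample data. The record shape (ts, user, action, ip) is a
# simplified assumption, not the exact schema of any vendor's audit log.
BASELINE = {"U1": {"203.0.113.10"}}  # IPs already seen per user
EVENTS = [
    {"ts": 1000, "user": "U1", "action": "user_login", "ip": "203.0.113.10"},
    {"ts": 2000, "user": "U1", "action": "user_login", "ip": "198.51.100.7"},
    {"ts": 2010, "user": "U1", "action": "file_downloaded", "ip": "198.51.100.7"},
    {"ts": 2020, "user": "U1", "action": "file_downloaded", "ip": "198.51.100.7"},
    {"ts": 2030, "user": "U1", "action": "file_downloaded", "ip": "198.51.100.7"},
    {"ts": 2040, "user": "U1", "action": "file_downloaded", "ip": "198.51.100.7"},
    {"ts": 100, "user": "U2", "action": "file_downloaded", "ip": "192.0.2.5"},
    {"ts": 5000, "user": "U2", "action": "file_downloaded", "ip": "192.0.2.5"},
]


def detect(events, baseline_ips, download_limit=3, window=600):
    """Return alerts as (kind, user, detail) tuples, in time order."""
    alerts = []
    seen = {user: set(ips) for user, ips in baseline_ips.items()}
    downloads = defaultdict(list)  # user -> download timestamps inside the window
    for event in sorted(events, key=lambda e: e["ts"]):
        user = event["user"]
        if event["action"] == "user_login":
            known = seen.setdefault(user, set())
            if event["ip"] not in known:
                alerts.append(("new_ip_login", user, event["ip"]))
                known.add(event["ip"])  # alert once per new address
        elif event["action"] == "file_downloaded":
            recent = [t for t in downloads[user] if event["ts"] - t < window]
            recent.append(event["ts"])
            downloads[user] = recent
            # Fire only when the count first exceeds the limit, not on every
            # later download in the same burst.
            if len(recent) == download_limit + 1:
                alerts.append(("bulk_download", user, len(recent)))
    return alerts


def run_sample():
    return detect(EVENTS, BASELINE)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

In production the same logic would normally live as a SIEM or UEBA rule, with the baseline built from historical logins rather than a static dictionary.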