Japanese media giant Nikkei has disclosed a new data breach that exposed information belonging to more than 17,000 employees and business partners after hackers stole Slack credentials from a compromised device.
The company, known globally for publications like The Nikkei and Financial Times, confirmed that the attack originated from malware that infected an employee’s personal computer. The stolen Slack credentials were later used to access corporate accounts, allowing hackers to extract names, email addresses, and chat histories.
Nikkei said the investigation found no evidence that sensitive information related to journalistic sources or reporting activities was leaked, though it acknowledged the scale of the breach.
The company discovered the incident in September and has since reset passwords and tightened its internal security systems. Nikkei added that, while the exposed data type did not legally require official notification, it voluntarily reported the breach to Japan’s Personal Information Protection Commission as a transparency measure.
Cybersecurity experts noted that infostealer malware often targets collaboration platforms like Slack. Hudson Rock, which tracks such attacks, estimates that over 270,000 Slack credentials have been compromised globally through infostealer infections.
This latest incident follows a 2022 ransomware attack that also affected Nikkei’s customer data, underscoring the growing cyber risks facing major media organizations.
The breach also highlights how remote and hybrid work setups have expanded attack surfaces for companies worldwide. As employees continue to access corporate tools like Slack and email from personal devices, the line between home and enterprise security grows thinner. Experts urge organizations to invest in stronger endpoint protection, enforce multi-factor authentication, and conduct regular employee cybersecurity training to reduce exposure to similar attacks.
As digital communication tools become central to newsroom operations, Nikkei’s case highlights how a single infected endpoint can expose thousands of users, and how vital multi-layered cybersecurity has become for protecting media institutions.
