Nikkei Inc., the massive Japanese financial news and media group and the owner of the Financial Times, made an announcement this week confirming a major break-in to its networks.

The company, one of the world’s largest media corporations, first discovered the incident in September after noticing unusual logins to employee messaging accounts. This incident has, reportedly, led to the exposure of sensitive, private information belonging to over 17,000 people.

The Entry Point: A Stolen Slack Account

The whole incident started when an employee’s personal computer was infected with malware, allowing the attackers to steal login details. They used these compromised credentials as a direct gateway to gain unauthorised access to Nikkei’s internal Slack workspace, the business messaging platform used by its employees for daily communication and coordination.

Upon investigation, Nikkei determined that the breach potentially exposed the names, email addresses, and chat histories of a total of 17,368 individuals registered on the platform, including employees and business partners.

This type of stolen data, as we know it, itself has become a new form of leverage for criminals, increasingly used to force payments by threatening to leak the data rather than just locking up the company’s systems via ransomware attacks.

For instance, in February 2024, the Change Healthcare attack involved threat actors stealing the sensitive data of around 190 million individuals and demanding a massive ransom payment to prevent its public release.

Even though Nikkei, known globally for its publications like The Nikkei newspaper and the widely followed Nikkei 225 stock market index, has confirmed that no information related to journalistic sources or reporting activities was compromised, the stolen information is still a problem.

Response and Risk Assessment

Nikkei took immediate action, implementing password resets and other containment measures. While Japanese law does not strictly require disclosure for data gathered for editorial purposes, the company voluntarily informed the Personal Information Protection Commission in Japan, given the incident’s significance and its commitment to transparency. The publisher also issued a strong official statement:

“No leakage of information related to sources or reporting activities has been confirmed. We take this incident seriously and will further strengthen personal information management to prevent any recurrence,” the company stated.

It is worth noting that this is not the first security issue for Nikkei; the company lost about $29 million in September 2019 due to a Business Email Compromise (BEC) scam. As per Hackread.com’s report from 2019, this BEC scam involved an employee being tricked by fraudsters impersonating an executive into wiring the funds to a controlled bank account.

This is not the first time a news outlet from the Asia-Pacific (APAC) region has been targeted by hackers. In June 2024, Tech in Asia, a technology news platform covering startups and innovation across Asia, was breached, and the personal data of 221,470 users was stolen and later leaked online.

Mayank Kumar, Founding AI Engineer at the research firm DeepTempo, commented on the breach and shared his views with Hackread.com on why this attack was so effective. Kumar stated that the initial malware was only a small move. The real objective was to steal valid login details, allowing the criminals to operate unnoticed inside the network and “blend seamlessly into normal business activities.”

Kumar further explained that “For a SIEM (security information management), the login was valid, so no rule would fire, but for an NDR (network detection response), the traffic was encrypted, making payload inspection impossible.”

He added that the critical challenge is no longer just stopping viruses, but recognizing when an authorized user is performing an action (like scraping 17,000 records) that is fundamentally different from their normal activity.