Japanese publishing giant Nikkei said that its Slack messaging platform had been compromised via an unauthorized external login which exposed the names, email addresses and chat histories of 17,368 individuals registered on Slack. An employee’s personal computer was infected with a virus, leading to the leakage of Slack authentication credentials which hackers used to gain unauthorized access to employee accounts.
Nikkei put out a statement on this here: https://www.nikkei.co.jp/nikkeiinfo/en/news/announcements/1394.html
Rainier Gracial, Senior Security Engineer at cybersecurity company Spin.AI, provided the following comments:
“Nikkei is a prime example of why protecting data within core SaaS applications like Slack is absolutely critical. People assume Slack is secure because it is private to their business employees, but that does not mean unauthorized access won’t happen. Organizations should always assume they will be breached at some point and leverage strong data leak prevention controls in addition to strict access controls.”
Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this:
“This breach demonstrates how organizations are only as secure as their weakest link. In a remote work environment, IT security teams struggle to secure devices used by non-IT personnel on the public internet. The risk is doubled if the devices are also for personal use. Hackers only need to compromise one person’s device to compromise the whole organization. In this case, the hacker used malware to steal one employee’s login credentials for Slack.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy offered this comment:
“Incidents like this one emphasize how important it is for organizations to regularly monitor their employees’ computers and other internet-capable devices to ensure that malware has not infected the devices. This is particularly important when companies allow employees to use their own computers and devices for work-related tasks. Organizations with such BYOD policies should require employees to have efficient virus and malware protection installed on their personal devices, preferably installed by the organization.”
This illustrates why a holistic approach to security is required in this day and age. From training to physical and software security measures, it all adds up to you not being the next organization that gets pwned.
Like this:
Like Loading...
Related
This entry was posted on November 5, 2025 at 2:12 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Japanese Media giant Nikkei reports data breach impacting 17,000 peopl
Japanese publishing giant Nikkei said that its Slack messaging platform had been compromised via an unauthorized external login which exposed the names, email addresses and chat histories of 17,368 individuals registered on Slack. An employee’s personal computer was infected with a virus, leading to the leakage of Slack authentication credentials which hackers used to gain unauthorized access to employee accounts.
Nikkei put out a statement on this here: https://www.nikkei.co.jp/nikkeiinfo/en/news/announcements/1394.html
Rainier Gracial, Senior Security Engineer at cybersecurity company Spin.AI, provided the following comments:
“Nikkei is a prime example of why protecting data within core SaaS applications like Slack is absolutely critical. People assume Slack is secure because it is private to their business employees, but that does not mean unauthorized access won’t happen. Organizations should always assume they will be breached at some point and leverage strong data leak prevention controls in addition to strict access controls.”
Paul Bischoff, Consumer Privacy Advocate at Comparitech adds this:
“This breach demonstrates how organizations are only as secure as their weakest link. In a remote work environment, IT security teams struggle to secure devices used by non-IT personnel on the public internet. The risk is doubled if the devices are also for personal use. Hackers only need to compromise one person’s device to compromise the whole organization. In this case, the hacker used malware to steal one employee’s login credentials for Slack.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy offered this comment:
“Incidents like this one emphasize how important it is for organizations to regularly monitor their employees’ computers and other internet-capable devices to ensure that malware has not infected the devices. This is particularly important when companies allow employees to use their own computers and devices for work-related tasks. Organizations with such BYOD policies should require employees to have efficient virus and malware protection installed on their personal devices, preferably installed by the organization.”
This illustrates why a holistic approach to security is required in this day and age. From training to physical and software security measures, it all adds up to you not being the next organization that gets pwned.
Share this:
Like this:
Related
This entry was posted on November 5, 2025 at 2:12 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.