On May 1, 2025, well-known individual investor Tesuta revealed that his Rakuten Securities account had been hijacked, sending shockwaves through the individual investment community. Tesuta took to X (formerly Twitter) to share the alarming news, detailing the sequence of events that led to the unauthorized access.
Early that morning, Tesuta received a two-step verification email, which raised his suspicions. Upon checking his order history, he discovered unauthorized transactions that had occurred the night before. "I received a two-step verification email this morning and thought someone was trying to log in. I checked my order history and found orders that I hadn’t placed," he tweeted.
While Tesuta was in the midst of changing his login password, he noticed that additional unauthorized orders were being placed in real-time, indicating that the hijacker was still accessing his account. In a frantic effort to regain control, he quickly changed his password and contacted Rakuten Securities, which subsequently locked his account to prevent any further transactions.
Despite having robust security measures in place, including dual antivirus software and daily scans, Tesuta expressed frustration over the unknown route of the breach. "I have no signs of virus infection, so the source of the leak is still unclear," he noted. He also reported that abnormalities were observed in other securities accounts, prompting further investigation.
This incident is part of a broader trend of rising account hijacking cases targeting online securities accounts. According to a report by the Financial Services Agency, unauthorized access incidents surged from 43 cases in February 2025 to 1,422 in March and 1,847 by mid-April. The total financial impact has been staggering, with losses exceeding 954 million yen across major firms, including Rakuten Securities, SBI Securities, and others.
Many in the investment community reacted with alarm to Tesuta's situation. A fellow investor tweeted, "If Tesuta’s account can be hacked, it feels like a thief is right at my doorstep. I hope the Japanese securities industry can respond quickly to this threat." Concerns are mounting that the funds from Tesuta's hijacked account could be used for market manipulation, further destabilizing the investment landscape.
In light of these developments, Rakuten Securities has been urged to enhance its security measures. Critics have pointed out vulnerabilities in the company’s PC application, Market Speed, which only requires a username and password for access. This has raised alarms about the potential for further breaches.
As the news of Tesuta's hijacking spread, Rakuten Group's stock price began to decline, reflecting investor anxiety over the incident. One observer noted, "The drop in Rakuten's stock price seems to be a direct reaction to the news of Tesuta's account being compromised." The implications of such breaches extend beyond individual investors, raising fears about market integrity and the security of financial systems.
In addition to Tesuta's case, other investors reported suspicious activities in their accounts, including unauthorized changes to registered email addresses. This has prompted speculation about a coordinated effort by criminal groups to exploit vulnerabilities in online securities platforms.
Phishing scams have also proliferated, with fraudulent emails claiming to be from legitimate securities firms, warning recipients about login anomalies. These scams are becoming increasingly sophisticated, making it imperative for investors to remain vigilant. One investor shared, "I received a phishing email about unusual login activity, which only adds to the anxiety surrounding these security breaches. It’s clear that scammers are adapting and evolving their tactics."
In response to the rising tide of account hijackings, both Rakuten Securities and SBI Securities are emphasizing the importance of multi-factor authentication as a critical security measure. This approach requires users to verify their identity through multiple methods, significantly reducing the risk of unauthorized access.
Rakuten Securities has already implemented several security enhancements, including notifying users of unusual login attempts and offering additional verification steps. However, the effectiveness of these measures remains to be seen as the threat landscape continues to evolve.
As the situation develops, investors are being urged to take proactive steps to secure their accounts. This includes regularly updating passwords, enabling multi-factor authentication, and being cautious about suspicious emails and links. The Financial Services Agency is also exploring potential regulatory measures to strengthen security protocols across the industry.
The recent surge in account hijackings has highlighted the vulnerabilities inherent in online trading platforms and the urgent need for enhanced security measures. As Tesuta's experience demonstrates, even the most vigilant investors can fall victim to sophisticated cyberattacks.
In the wake of these incidents, the call for improved security standards in the financial sector has never been more pressing. Investors are reminded that while technology offers convenience, it also exposes them to significant risks. Taking the necessary precautions can help safeguard their investments and maintain confidence in the integrity of the financial system.
As the financial community grapples with these challenges, the hope is that swift action will be taken to protect investors and restore trust in online trading platforms. The lessons learned from Tesuta's experience could serve as a catalyst for change, prompting both companies and individuals to prioritize security in an increasingly digital world.
