Japan is witnessing an alarming rise in online brokerage account hacks, with cybercriminals manipulating low-volume penny stocks across international markets. Since February, these fraudulent activities have totaled over ¥100 billion (approximately $710 million or ₹6,070 crore)—a trend that continues to escalate.

Hackers gain unauthorized access to investor accounts and purchase illiquid stocks—both in Japan and overseas. This artificially inflates the stock prices, allowing fraudsters to sell their own pre-acquired holdings at a profit. In response, some Japanese brokerage firms have halted buy orders for select stocks listed in China, the U.S., and Japan.

Eight major brokerages—including Rakuten Securities Inc. and SBI Securities Co.—have confirmed unauthorized trades on their platforms. The attacks have exposed systemic vulnerabilities in Japan’s cybersecurity framework and could derail the government’s push for wider retail investment, particularly for retirement savings. Victims say they are left confused and unsupported. Securities firms have largely avoided covering user losses, leading to growing distrust among investors.

Mai Mori, a 41-year-old part-time worker, said her Rakuten Securities retirement account was compromised. She lost ¥639,777, or about 12% of her portfolio, after hackers used her account to buy Chinese stocks.

“The police told me that in most fraud cases, the victims often end up having to just quietly accept the loss,” said Mori. “Basically, there’s not much that can be done.”

Rakuten told her to report the case to police, but authorities in Aichi prefecture refused, claiming that the victim was Rakuten, not Mori. The brokerage later stated it bore no responsibility.

A Rakuten spokesperson told Bloomberg, “We will continue to examine each case individually and respond in good faith.” Other brokers including SBI, SMBC Nikko, Monex Group, Matsui Securities, Nomura Securities, Daiwa Securities, and Mitsubishi UFJ Financial Group made similar statements emphasizing individual case-by-case evaluations.

Another Tokyo-based investor in his 50s, who requested anonymity, lost ¥50 million when his account was hijacked to purchase Japanese and Chinese stocks on margin. Despite receiving a suspicious notification, his brokerage was unable to freeze the account in time. Even though he previously only held index funds, his account was used to buy speculative stocks, including DesignOne Japan Inc., whose daily trading volume surged massively on the day of the hack.

Japan’s Finance Minister Katsunobu Kato has urged brokerages to discuss compensation “in good faith.” The Japan Securities Dealers Association is also working on making multi-factor authentication mandatory for all trading accounts.

“It’s not acceptable to issue a blanket denial of compensation,” said Chairman Toshio Morita. “Firms must consider each customer’s circumstances and respond appropriately.”

According to the Financial Services Agency (FSA), fraudulent trading cases skyrocketed from 33 in February to 736 by mid-April. While precise victim losses remain unclear, the breach has slowed momentum behind Japan’s investment expansion programs.

“Among people already using the system, including myself, there’s a sense that the financial firms need to do their jobs properly,” said researcher Yusuke Maeyama of NLI Research Institute. “When issues like this come up, it just reinforces their fears.”

Cybersecurity experts say criminals use tactics such as adversary-in-the-middle attacks and infostealer malware to hijack accounts. According to Nobuhiro Tsuji from SB Technology, these attacks begin with phishing emails or malicious ads that redirect users to fake websites designed to intercept login credentials. Some scams even mimic real websites alongside fake ones in split-screen browser layouts.

Infostealers, on the other hand, are malware that can extract stored passwords and personal data from infected devices without the user’s knowledge. Japan's preference for browser-based trading platforms over mobile apps—which offer better security—has contributed to the problem, said Yutaka Sejiyama of Macnica. A recent Macnica Security Research Center report found at least 105,000 leaked credentials linked to Japan.

Many victims, like Mori, have voiced their concerns on social media, sharing their losses and frustrations. Some even considered legal action but backed out due to the time and effort involved. Mori is now contemplating closing her Rakuten account but is unsure which firm to trust, fearing hidden fees or pressure tactics from full-service brokerages.