KDDI confirms major data breach impacting 14.2 million email accounts

A major data breach at Japanese telecom giant KDDI has exposed up to 14.2 million email accounts across six internet service providers. The company confirmed the intrusion was discovered on June 17 and traced to a vulnerability in third-party software used by its email system.

A widespread impact across Japan’s ISPs

The breach affected email services provided by six ISPs: STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty, and BIGLOBE. KDDI stated that while passwords were stored in hashed or encrypted form, attackers may have obtained them. The company also warned that email addresses and passwords—including those of former and inactive customers—could have been compromised.

Immediate response and user action required

KDDI acted quickly to block the attackers and has since implemented technical defenses to prevent further unauthorized access. The company has reported the breach to Japanese regulators and is coordinating with ISPs to notify affected users. Affected users are strongly advised to change their email passwords immediately to minimize risks.

While KDDI continues its investigation to assess the full scope of the incident, the company emphasized the importance of prompt action from users. The breach underscores ongoing challenges in securing third-party software integrations in critical infrastructure.

---

Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.