Japanese Telecom Giant Reveals Breach Affecting 14.2 Million Email Accounts

The breach exposed email addresses and passwords for up to 14.22 million customers across six Japanese ISPs, though some passwords were stored in encrypted form.

CSBadmin
2 Min Read

Breach Discovery and Response

Japanese telecommunications operator KDDI Corporation has disclosed a significant data breach affecting its email systems. The company detected the compromise on June 17, 2026, and took immediate action to block the attacker and implement defensive measures. The breach originated from a vulnerability in an unnamed third-party software used by KDDI.

KDDI stated that while technical defenses have been deployed, there remains a risk that customer email addresses and passwords were accessed by unauthorized parties. The company has been investigating the incident and coordinating with affected parties since the discovery.

Scope of Exposure

The breach impacts five internet service providers that rely on KDDI’s email infrastructure: STNet, JCOM, Chubu Telecommunications, NIFTY Corporation, and BIGLOBE. Up to 14.22 million customers, including current and former users as well as inactive accounts, may have had their email credentials exposed.

KDDI noted that some passwords were stored in hashed or encrypted form, potentially limiting immediate abuse. However, the company did not disclose the specific encryption methods used or the proportion of passwords stored in plaintext. KDDI has contacted affected ISPs and notified Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications. Customers are advised to reset passwords and enable two-factor authentication if available.

Source: BleepingComputer

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.