KDDI has confirmed a major data breach that may affect up to 14.2 million email accounts across six Japanese internet service providers.
The Japanese telecom giant says attackers accessed a shared email platform after exploiting flaws in third-party software. The breach involved systems that support email services for several providers, which increased the possible impact.
KDDI has now urged affected users to change their passwords. The company also says it has blocked the attack route and strengthened its security controls.
Six Japanese ISPs Affected
The KDDI data breach involves email services linked to six providers:
- STNet
- KDDI Web Communications
- JCOM
- Chubu Telecommunications
- Nifty
- BIGLOBE
These providers used the same shared email infrastructure. As a result, one successful attack gave hackers access to data connected to multiple services.
KDDI says the total number of potentially affected accounts could reach 14.2 million. That figure includes active users, inactive accounts, and former customers.
Email Addresses and Passwords May Be Exposed
The exposed data may include email addresses and passwords for affected mail accounts.
However, KDDI says it protected some passwords with hashing or encryption. That security measure can make stolen passwords harder to use, although it does not remove the risk completely.
Users who reused the same password on other websites face a higher threat. Attackers often test leaked login details on banking, shopping, social media, and cloud accounts.
Attackers Exploited Third-Party Software
KDDI traced the incident to vulnerabilities in third-party software connected to the email platform.
After discovering the intrusion, the company blocked the attack path and began a deeper investigation. KDDI also reported the incident to Japanese authorities.
The company has not confirmed widespread misuse of the exposed credentials. Still, it recommends immediate password resets for anyone who may have used the affected services.
Users Should Reset Passwords Now
Affected customers should change their email passwords as soon as possible. They should also update passwords on any other accounts where they used the same login details.
Multi-factor authentication can also reduce the risk of account takeover. Even if attackers obtain a password, they would still need a second verification step to access the account.
The KDDI data breach shows how one weak point in shared infrastructure can create risk for millions of users. KDDI says it will continue working with the affected ISPs as the investigation moves forward.


0 responses to “KDDI Data Breach May Have Exposed 14.2 Million Email Accounts Across Six ISPs”