Japanese telecommunications giant KDDI Corporation has revealed that a cyberattack may have exposed the email addresses and passwords of up to 14.22 million customer accounts after attackers breached one of its email systems used by five internet service providers (ISPs) in Japan.
The company discovered the security incident on June 17 and says it immediately blocked the attackers and deployed additional defensive measures. According to KDDI, the intrusion was made possible by exploiting a vulnerability in an unnamed third-party software application running on its systems.
KDDI warned that unauthorized parties may have obtained customer email addresses and passwords during the breach. The affected email services belong to five Japanese ISPs: STNet, JCOM, Chubu Telecommunications, NIFTY, and BIGLOBE.
The potential exposure includes current customers, former users, and inactive accounts. While the investigation is still ongoing, KDDI estimates that as many as 14.22 million accounts could have been affected.
The company noted that some passwords were protected using hashing and encryption, which makes them more difficult to misuse. However, it did not disclose which encryption methods were used or how many passwords may have been stored without adequate protection.
KDDI has informed the affected ISPs, notified Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications, and is working with its partners to strengthen security measures and reduce the risks associated with the incident.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Customers whose accounts may have been impacted are strongly encouraged to change their email passwords immediately. If available, enabling two-factor authentication (2FA) is also recommended to provide an extra layer of account security while the investigation continues.
