
KDDI Data Breach Compromises 14.2 Million Email Logins at Six ISPs


KDDI said it may have exposed the email addresses and passwords of up to 14.22 million customers.

What KDDI Corporation disclosed

Japanese telecommunications operator KDDI Corporation reported a data breach it discovered on June 17 and says it “responded immediately by blocking the attacker and implementing defense measures.” The company’s investigation concluded that the actor exploited a vulnerability in an unnamed third‑party software component used on one of KDDI’s email systems. That single compromised system provided email services for five other internet service providers (ISPs) in Japan.

Which ISPs and how the exposure is characterised

KDDI said the incident impacted the email services of STNet, Inc.; JCOM Co., Ltd.; Chubu Telecommunications Co., Inc.; NIFTY Corporation; and BIGLOBE Inc. The company warned that, while the investigation continues, it cannot rule out that credentials were taken: “Although technical defensive measures have already been implemented for the system, there remains a possibility that customers' email addresses and passwords were obtained by unauthorized third parties as a result of the incident,” KDDI warns.

Scale of the potential impact

KDDI estimated the exposure could include up to 14.22 million customers. That figure, the company emphasised, covers current and former customers and inactive accounts that may no longer be in use. KDDI also noted a mitigating detail: some passwords were stored in hashed and/or encrypted form, which the company said “cannot be readily abused for account hijacks even if exposed.” KDDI did not specify the hashing or encryption scheme used, or what percentage of accounts had passwords stored in plaintext.

Regulatory notifications and coordinated response

According to KDDI, it has been contacting the affected ISPs since June 17 and has notified Japan's Personal Information Protection Commission and the Ministry of Internal Affairs and Communications. The company said it is working with the affected ISPs to implement additional security measures to mitigate risks stemming from the exposure.

What this means for technologists, regulators, and customers

  • Technologists and security teams: the breach highlights a successful exploit of an unnamed third‑party software component on a shared email system; teams responsible for similar services will be watching for patching and configuration details and will likely prioritise system‑wide scans, credential integrity checks, and forced resets where feasible.
  • Policymakers and regulators: KDDI’s notification to the Personal Information Protection Commission and the Ministry of Internal Affairs and Communications places the incident under official oversight; regulators will be positioned to assess whether notification timelines and mitigation steps meet statutory requirements.
  • Affected customers and account holders: KDDI advises those who may have been exposed to reset their email passwords immediately and to enable two‑factor authentication (2FA) where available to add protection beyond the password.

KDDI is one of Japan’s largest internet service operators; the company description in its disclosure notes 45,000 employees and annual revenue of $32.4 billion, and that KDDI has operated since 2000 following the merger of IDO, DDI, and KDD, Japan's former state‑monopoly international telecommunications provider. The firm’s announcement makes clear the investigation is ongoing: the exact number of impacted accounts has yet to be determined and the company has not published technical details of the exploited third‑party vulnerability or the encryption schemes applied to stored credentials.

The immediate, concrete steps reported so far are blocking the attacker, implementing defensive measures on the affected system, notifying regulators, and contacting the five impacted ISPs. For customers, the practical guidance—reset passwords and enable 2FA—remains the clear and simple action available while the companies involved complete their investigations and remedial work.

Source: BleepingComputer — Data breach exposes up to 14.2 million email logins at six ISPs