KDDI disclosed unauthorized access to an email platform it operates for itself and multiple Japanese internet service providers, warning that up to 14.22 million email account records may have been exposed. The affected service supports KDDI and providers including STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty, and BIGLOBE. KDDI said the intrusion was detected on June 17 and linked to exploitation of a vulnerability in third-party software used by the system, after which it blocked further access and added defensive measures.
The potentially exposed data includes email addresses, passwords, and some personal information tied to active, dormant, and canceled accounts. KDDI said the password data was hashed or encrypted, but it has not publicly clarified the protection status or algorithms for all records, and the full scope of the incident remains under investigation. The company reported the breach to Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications, and is coordinating customer notifications and password resets with the affected ISPs.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
KDDI reported the incident to Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications. It also began coordinating with affected ISPs on customer notifications and password resets.
KDDI disclosed that unauthorized access may have exposed up to 14.22 million email account records, including email addresses and passwords tied to active, dormant, and canceled accounts across six ISPs. The company said the password data included hashed or encrypted passwords, while the full scope of the incident remained under investigation.
On the same day it detected the attack, KDDI said it blocked further intrusion, implemented containment measures, and strengthened defenses around the affected service.
KDDI detected an intrusion into an email platform it operates for itself and multiple Japanese ISPs. The company attributed the access to exploitation of a vulnerability in third-party software used by the system.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
8 references tracked. Mallory keeps watching after this page renders.
xakep.ru
Open sourcescworld.com
Open sourceteiss.co.uk
Open sourcecysecurity.news
Open sourcesecurityaffairs.com
Open sourcebleepingcomputer.com
Open sourcetheregister.com
Open sourcethecybersecguru.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.