KDDI Email System Breach Exposes Up to 14.2 Million Credentials
KDDI Corporation, one of Japan’s largest telecom companies, disclosed a data breach that exposed up to 14.2 million email accounts across six Japanese internet service providers.
The company detected the intrusion on June 17, quickly blocked the attackers, and launched an investigation. According to KDDI, the breach was caused by a vulnerability in third-party software used by its email system. The company is continuing its investigation while assessing the full impact of the incident.
“On June 17, 2026, we confirmed that some information from email services provided by various ISP operators (hereinafter referred to as ‘the email service’) may have been leaked to an external party in the email system (hereinafter referred to as ‘the System’) that we provide to Internet Service Providers (hereinafter referred to as ‘ISP operators’),” reads the data breach notice.
“On the same day, we modified the System to prevent further damage. We have identified the suspected location of the Unauthorized Access and implemented technical defense measures.”
Brian Higgins, Security Specialist at Comparitech, had this to say:
“It looks like KDDI Corp are responding to this breach as best they can but the nature and volume of the compromised information is of considerable concern. Email is ubiquitous in modern communications so the available data points offer all manner of opportunities for malicious actors.
Unfortunately third party and supply chain attacks are far more likely to succeed as most organisations are fairly used to protecting core networks these days, but the interconnectivity required to operate means that access devolves to those less aware of the dangers or less able to resource the necessary security protocols.”
Paul Bischoff, Consumer Privacy Advocate at Comparitech, follows with this:
“A big breach of email accounts and passwords like this is much more serious than most data breaches. Email accounts are often what we use to log into other accounts. We use email to verify new accounts, log in, change passwords, receive one-time codes, and recover other accounts. So a breach of an email account can lead to several more accounts being hijacked. Furthermore, cybercriminals can use hacked email accounts to spread scams, phishing, and spam. And of course, all of the information stored in your emails is at risk.”
We’ll have to see how this plays out. But I expect the usual pattern of phishing, spear phishing and other targeted attacks. Because I truly expect nothing less.
This entry was posted on June 29, 2026 at 2:57 pm and is filed under Commentary with tags Hacked.