CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 24, 2026

KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials

Infosecurity Magazine Archived Jun 24, 2026 ✓ Full text saved

Customers of the affected Japanese email services are “strongly advised” to change their email passwords

Full text archived locally
✦ AI Summary · Claude Sonnet


    Japanese telecommunications operator KDDI has confirmed it suffered a breach that has affected five other internet services providers (ISPs) and potentially exposed 14.2 customer email accounts. In a public statement released on June 23, KDDI Corporation said an unauthorized actor unlawfully gained access to an email system it provides to several Japanese ISPs, meaning that data linked to customers of these email services may have leaked. Specifically, KDDI said up to 14.22 million email addresses and passwords have likely been compromised. This includes accounts of customers who have canceled their services or have not used it for a long time. The affected ISPs include: STNet: Email services for Pikara Light Service, Pikara Mobile Service and Oshigoto Pikara Service KDDI Web Communications: Email services for the rental server CPI JCOM: Email services for J:COM NET and cable TV operators Chubu Telecommunications: Email services for COMINA Hikari and Business COMINA Nifty Corporation: Email services for @nifty email Biglobe: Email services for BIGLOBE email KDDI Urges Password Changes KDDI detected the intrusion on June 17 and assessed that the actor exploited a vulnerability in third-party software used in the email system. The company “modified the system to prevent further damage” and has now “implemented technical countermeasures at the suspected compromised locations.” It also notified relevant authorities, including the Personal Information Protection Commission and Japan’s Ministry of Internal Affairs and Communications. Additionally, KDDI confirmed it is working in close collaboration with the affected ISPs in order to provide information and discuss countermeasures, “which are currently being implemented,” the company said. Nevertheless, the company “strongly advised” customers of any of the affected email services to change their passwords. Image credits: yu_photo / Shutterstock.com Read now: Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
    💬 Team Notes
    Article Info
    Source
    Infosecurity Magazine
    Category
    ◇ Industry News & Leadership
    Published
    Jun 24, 2026
    Archived
    Jun 24, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗