KDDI Data Breach Affects 14.2 Million Email Accounts

KDDI Data Breach 🚨

KDDI Corporation has disclosed a significant data breach that has exposed up to 14.2 million email accounts across six Japanese internet service providers. The company detected the intrusion on June 17, 2026, quickly blocked the attackers, and launched an investigation.

According to KDDI, the breach was caused by a vulnerability in third-party software used by its email system. The data breach notice states:

“On June 17, 2026, we confirmed that some information from email services provided by various ISP operators may have been leaked to an external party in the email system that we provide to Internet Service Providers.”

On the same day, KDDI modified the system to prevent further damage and has identified the suspected location of the unauthorized access, implementing technical defense measures.

KDDI has reported the breach to Japan’s privacy and telecommunications regulators and is taking the required legal and regulatory steps. The incident affected the email services of six internet providers: STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty, and BIGLOBE. The company confirmed that email addresses and passwords may have been exposed, including accounts belonging to former and inactive customers.

While passwords were stored in hashed or encrypted form, KDDI warned that they may have been obtained by attackers. The company is coordinating response efforts and urging all impacted users to change their email passwords immediately to reduce the risk of unauthorized access.

“To ensure the protection of your data and eliminate future and potential risks, you will need to change your email password. We ask that you check the information provided by your ISP provider and take immediate action.”

For more details, please Read full article.