KDDI Breach Exposes Up to 14 Million Japanese Email Logins

KDDI says attackers reached the email systems behind six Japanese internet providers and may have exposed up to 14.2 million email logins, including former and inactive accounts. The intrusion came through a flaw in third-party software and was caught on 17 June. Anyone using one of these mailboxes for business should reset the password and turn on two-step verification now.

By SecureBusinessHub Editorial, International cybersecurity desk

Up to 14.2 million email logins. Six internet providers. One shared email platform. KDDI, Japan's second-largest telecom, disclosed the breach on 28 June and put the exposed figure at the top of the range.

The six providers all ran mail on the affected system: KDDI itself, STNet, JCOM, Chubu Telecommunications, NIFTY, and BIGLOBE. The 14.2 million count is not just active customers. It covers former customers and dormant accounts whose owners stopped paying attention years ago.

What happened

Attackers exploited a vulnerability in unnamed third-party software running on KDDI's email system. KDDI spotted the intrusion on 17 June, blocked the attacker, and added defences before going public on 28 June. The exposed data is email addresses and passwords. KDDI says some passwords were stored hashed or encrypted, but it has not fully ruled out that any were readable, so the safe assumption is that yours could be.

Why an old mailbox still matters

Plenty of small firms in Japan still run on a provider mailbox they set up with their internet line. A working email login is a doorway. It opens the door to account takeover, to credential stuffing if you reused that password anywhere else, and to business email compromise, where an attacker quietly reads your mail and slips a fake invoice into a real thread. Dormant accounts are the worst case, because nobody is watching them for the warning signs.

Do this today

  • Reset the password on any KDDI, au, STNet (Pikara), JCOM, Chubu (Commufa), NIFTY, or BIGLOBE email account, and make it unique to that mailbox.
  • Turn on two-step verification for the mailbox wherever the provider offers it.
  • Change the password anywhere you reused the old mailbox password, starting with banking, cloud, and admin accounts.
  • Log in and check for mail forwarding rules or filters you did not create, a common sign that someone is quietly copying your mail.
  • Close any dormant account you no longer need rather than leaving it as an open door.
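
Where a mailbox's filters can be exported as a Sieve script (RFC 5228), the forwarding-rule check above can be automated by listing every redirect action that sends mail outside your own domains. This is an added example, not code from KDDI or any of the named providers; whether those providers expose Sieve is an assumption, and the function names, sample script and domains are constructed.

```python
import re

# Sieve lexer subset: quoted strings, "#" and "/* */" comments, identifiers/tags.
# Not handled: "text:" multi-line strings and tags that take a value.
TOKEN = re.compile(
    r'"((?:\\.|[^"\\])*)"|#[^\r\n]*|/\*.*?\*/|(:?[A-Za-z_]\w*)', re.DOTALL)

def tokens(script):
    """Yield ("str", value) and ("word", name) tokens; comments are dropped."""
    for m in TOKEN.finditer(script):
        if m.group(1) is not None:
            yield ("str", m.group(1))
        elif m.group(2):
            yield ("word", m.group(2).lower())

def audit_redirects(script, own_domains):
    """Return redirect targets whose domain is not in own_domains."""
    findings, toks = [], list(tokens(script))
    for i, tok in enumerate(toks):
        if tok != ("word", "redirect"):
            continue
        keeps_copy, j = False, i + 1
        # Skip tagged arguments; ":copy" (RFC 3894) leaves the original in the
        # inbox, so the owner sees nothing missing while mail is duplicated.
        while j < len(toks) and toks[j][0] == "word" and toks[j][1].startswith(":"):
            keeps_copy |= toks[j][1] == ":copy"
            j += 1
        if j < len(toks) and toks[j][0] == "str":
            target = toks[j][1]
            domain = target.rsplit("@", 1)[-1].lower()
            if domain not in own_domains:
                findings.append({"target": target, "keeps_local_copy": keeps_copy})
    return findings

# Constructed sample filter script; all addresses are placeholders.
SAMPLE = r'''
require ["copy", "fileinto"];
# old rule, disabled: redirect "archive@old-host.example";
if header :contains "subject" "invoice" {
    redirect :copy "collector@mail-relay.example";
}
if address :is "from" "boss@smallfirm.example" {
    redirect "owner@smallfirm.example";
}
fileinto "redirect";
'''

if __name__ == "__main__":
    print(audit_redirects(SAMPLE, {"smallfirm.example"}))
```

Any target it reports that you do not recognise is a rule to delete and a reason to reset the password again after removing it.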

Expect a second wave. With millions of valid addresses in hand, attackers tend to follow a breach like this with targeted phishing and smishing that name-drops the provider to look real. Your provider will not ask for your password by email, so treat any message that does as a scam.