Major Japanese Telecom Giant KDDI Exposes 12.2 Million Email Addresses and Passwords in Cyberattack
Japan's telecommunications behemoth **KDDI** has revealed a significant cyberattack on an email platform, impacting over 12.2 million customer email addresses and 7.6 million passwords. The breach, stemming from a vulnerability in third-party software, affected email services for five Japanese internet service providers.
# Major Japanese Telecom Giant KDDI Exposes 12.2 Million Email Addresses and Passwords in Cyberattack
**KDDI**, one of Japan's largest telecommunications providers, has confirmed a substantial data exposure following a cyberattack on an email platform it operates for various internet service providers (ISPs). The incident led to the compromise of more than 12.2 million customer email addresses and 7.6 million passwords.
## The Scope of the Breach
The attack targeted an email system responsible for managing customer email accounts, webmail services, and email storage for five distinct Japanese ISPs. While **KDDI** initially disclosed unauthorized access in June, the full scale of the data exposure was only confirmed after the completion of a comprehensive forensic investigation and a report submitted to Japan's communications ministry earlier this week.
## Vulnerability Exploited
According to **KDDI**, attackers exploited a vulnerability within third-party software utilized by the affected email platform. The company stated that it promptly patched the flaw and modified the system upon detection of the intrusion. Investigators found no evidence that the attackers compromised any systems beyond the initial exploited vulnerability.
Crucially, **KDDI** confirmed that its own consumer email services for mobile and fixed-line internet customers, which operate on separate infrastructure, were not affected by this incident.
## Mitigation and Response
**KDDI** has advised customers to change their passwords, noting that many regular users of the email service have already done so. The affected ISPs are also working to implement mandatory password resets for all impacted accounts in the coming days.
"We are analyzing the scope of the impact and the cause, responding to customers in coordination with ISP operators, and taking measures to prevent a recurrence," **KDDI** stated.
## Broader Cyber Landscape in Japan
This disclosure by **KDDI** comes amid a series of recent cyber incidents affecting major Japanese companies. In recent weeks, the Japanese unit of **Aflac**, electronics manufacturer **Nidec**, and brewer **Sapporo Holdings** have all reported breaches or cyber-related disruptions. There is currently no indication that these incidents are linked.
In a separate development, Tokyo police recently arrested a 15-year-old high school student suspected of exploiting a vulnerability in the servers of the anime streaming service **Bandai Channel**. This alleged attack resulted in the fraudulent cancellation of over 46,000 user subscriptions.