Japanese telecommunications operator KDDI Corp. said a data breach in one of its email systems may have exposed up to 14.2 million customer email addresses and passwords at six internet service providers, after attackers gained access on June 17.
KEY FACTS
- Discovery KDDI said it found the compromise on June 17 and blocked the attacker.
- Scope The incident affected email services for STNet, JCOM, Chubu Telecommunications, NIFTY and BIGLOBE.
- Exposure Up to 14.2 million accounts may have been affected, including current, former and inactive customers.
- Method Investigators found the attackers used a vulnerability in third-party software used on the system.
The disclosure said technical defensive measures were put in place immediately after the breach was detected. KDDI also said it has contacted the affected ISPs, notified Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications, and is working on additional safeguards.
Some passwords were stored in hashed and or encrypted form, which may reduce the risk of account hijacking in some cases. The company did not say what encryption was used or how many passwords were stored in plaintext.
Customers who may have been exposed were advised to reset their email passwords and enable two-factor authentication if it is available.
WHY IT MATTERS
The incident could affect a large number of email accounts across multiple Japanese ISPs, which can increase the risk of unauthorized access if stolen credentials are reused elsewhere. The disclosure also leaves open how many passwords were fully protected and how many were readable.