KDDI Corporation disclosed a breach of one of its email systems used by five Japanese ISPs after attackers exploited a vulnerability in third-party software. The incident may have exposed email addresses and passwords for up to 14.22 million customers, prompting KDDI to notify authorities and urge password resets. #KDDI #STNet #JCOM #ChubuTelecommunications #NIFTY #BIGLOBE
Keypoints
- KDDI detected the compromise on June 17 and blocked the attacker immediately.
- The breach involved an email system used by five other ISPs in Japan.
- Attackers abused a vulnerability in unnamed third-party software used by KDDI.
- Up to 14.22 million customers may have had email addresses and passwords exposed.
- KDDI notified regulators and advised affected users to reset passwords and enable 2FA.