KDDI data breach may have exposed login credentials of 14.22 million email accounts

KDDI investigates cyberattack that could impact 14.22 million email accounts

A cybersecurity incident at Japanese telecommunications company KDDI Corporation may have exposed the email addresses and passwords of up to 14.22 million customer accounts across 6 internet service providers (ISPs). The company said threat actors gained unauthorized access to one of its email systems after exploiting a vulnerability in unnamed third-party software.

KDDI detected the breach on June 17 and immediately blocked the attackers while implementing security measures to contain the incident. The company stated that although technical defenses have now been strengthened, there is still a possibility that unauthorized parties obtained customer email addresses and passwords.

“Although technical defensive measures have already been implemented for the system, there remains a possibility that customers’ email addresses and passwords were obtained by unauthorized third parties as a result of the incident,” KDDI said.

The incident affected email services provided by STNet, Inc., JCOM Co., Ltd., Chubu Telecommunications Co., Inc., NIFTY Corporation, and BIGLOBE Inc.

According to KDDI, the investigation is still ongoing, and the exact number of affected accounts has not yet been confirmed. The potential exposure includes current customers, former customers, and inactive accounts that may no longer be in use.

The company noted that some passwords were stored in hashed and/or encrypted form, making them more difficult to misuse if compromised. However, KDDI did not disclose the encryption method used or specify how many accounts had passwords stored in plaintext.

KDDI is one of Japan’s largest internet service providers, employing around 45,000 people and generating annual revenue of $32.4 billion. The company was established in 2000 following the merger of IDO, DDI, and KDD, Japan’s former state-owned international telecommunications provider.

Since June 17, KDDI has been notifying the affected ISPs and has also informed Japan’s Personal Information Protection Commission and the Ministry of Internal Affairs and Communications. The company is working with the affected providers to strengthen security measures. Customers are also advised to reset their email passwords immediately and enable 2-factor authentication (2FA), where available, for additional account protection.
