Japanese telecommunications operator KDDI Corporation has disclosed a significant data breach impacting its email systems, which are also used by five other internet service providers in the country. The company discovered the compromise on June 17 and has since implemented defensive measures, based on information published by Bleeping Computer.The breach occurred when threat actors exploited a vulnerability in third-party software used by KDDI. This unauthorized access may have exposed the email addresses and passwords of up to 14.2 million customers, including current and former users. While some passwords were stored in hashed or encrypted forms, the exact extent of plaintext password exposure remains unclear.The incident affected several major ISPs in Japan: STNet, Inc., JCOM Co., Ltd., Chubu Telecommunications C., Inc., NIFTY Corporation, and BIGLOBE Inc. KDDI has notified Japanese authorities and is working with the affected ISPs to enhance security. Customers are advised to reset their passwords and enable two-factor authentication if available.Source: Bleeping Computer
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds