Data Leak
Incident
KDDI Multi-ISP Email Credential Exposure in Japan
Updated 24.06.2026 15:45
Case score 75
Why this score?
Case score is a discovery signal based on public evidence, not a guaranteed risk rating. Use it to decide what to review first, then verify important details from the linked sources.
- Total
- 75
- Main story score
- 75
- Related evidence lift
- +0 / 20
- Contributing updates
- 0
- Context updates
- 1
Top contributors
- Data Leak Primary impact record for credential exposure across six Japanese ISPs. main
- Incident Corroborates the same intrusion with disclosure timing, affected providers, and containment actions. context
Case score 75
Members 2
Latest activity 24.06.2026 15:45
Members 2
First seen 24.06.2026 15:45
Last seen 24.06.2026 15:45
Updated 24.06.2026 15:45
Overview
KDDI disclosed unauthorized access to **its email system** used by six Japanese ISPs after detecting the intrusion on **June 17**. The company said an actor exploited a vulnerability in **third-party software** and that **up to 14.22 million** email addresses and passwords were likely compromised, creating immediate account-security risk for customers of the affected providers.
KDDI says it has modified the system, applied technical countermeasures, notified Japanese authorities, and urged affected users to **change passwords**. Public details still do not identify the vulnerable software, a CVE, or the intrusion actor, so response is focused on credential hygiene and containment rather than product-specific patch tracking.
Attackers gained unauthorized access to **KDDI's email system** used by several Japanese ISPs and exposed customer credentials across multiple providers in Japan. KDDI said the compromise affected services tied to **STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty Corporation, and Biglobe**, with **up to 14.22 million** email addresses and passwords likely compromised. The intrusion was detected on **June 17** and publicly confirmed on **June 23**.
Available evidence indicates the actor exploited a vulnerability in **third-party software** used in the email system, but the software name, vulnerability identifier, and intrusion actor have not been disclosed. The exposed data creates immediate risk of mailbox compromise, password reuse abuse, and follow-on account access against affected users. Available evidence does not confirm broader downstream abuse, and no public CVE is attached to the intrusion.
KDDI said it modified the system to prevent further damage, implemented technical countermeasures at suspected compromised locations, and notified Japan's **Personal Information Protection Commission** and the **Ministry of Internal Affairs and Communications**. Affected customers were strongly advised to **change passwords**, and response activity is centered on containment, user action, and coordination with the impacted ISPs.
Signals
8 derivedImpact signals
Affected impact
Exposed data
Victims/regions
Victim region
Japan
Sector
telecommunications
Status
Incident status
Contained
Threat context
Actor
unauthorized actor
Data exposure
Data
Passwords
Leak status
Claimed/Sample Only
Data
Email Addresses
Member happenings
2 related
Data Leak
KDDI email-system credential leak affecting Japanese ISPs
Data Type
Passwords
Data Type
Email Addresses
Data Status
Claimed/Sample Only
Data Leak
KDDI email-system credential leak affecting Japanese ISPs
Data Type
Passwords
Data Type
Email Addresses
Data Status
Claimed/Sample Only
Incident
KDDI Corporation hit by network compromise
Extortion
None
Incident
Contained
Incident
KDDI Corporation hit by network compromise
Extortion
None
Incident
Contained