Japanese telco giant KDDI says 12 million emails exposed in major cyberattack

japanese-telco-giant-kddi-says-12-million-emails-exposed-in-major-cyberattack
Japanese telco giant KDDI says 12 million emails exposed in major cyberattack
Malware attack virus alert , malicious software infection , cyber security awareness training to protect business
(Image credit: Shutterstock)

  • KDDI confirms unauthorized access affecting six ISPs, with up to 14.22 million email addresses and passwords exposed
  • Some passwords were unencrypted; with estimates citing 12.2 million emails and 7.6 million passwords compromised
  • Company urged rapid password updates, coordinated countermeasures with ISPs, and pledged recurrence prevention

KDDI, one of Japan’s largest telecommunications providers, has confirmed it was recently hacked and lost millions of emails and unencrypted passwords belonging to its clients’ customers.

In a data breach notice, shared last month, the company said that it confirmed “unauthorized access” on June 17 2026.

“As a result, part of the information from email services offered by these ISPs may have leaked externally,” a machine translation of the notice reads.

Coordinating countermeasures

The incident allegedly affected an email system KDDI uses to manage customer email accounts, webmail, and email storage.

KDDI says that the attack affected six ISPs: STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty Corp, and BIGLOBE. Up to 14.22 million email addresses and passwords linked to these mailboxes were allegedly exposed, which includes both accounts of former customers, as well as dormant users.

“Some” passwords were hashed or encrypted, the company further said, suggesting that some – were not. It also stated that the 14.22 million number represents a “maximum estimate”, and that the investigation is still ongoing. The Record reported 12.2 million customer email addresses and 7.6 million passwords exposed.

Since spotting the intrusion on June 17, KDDI has been contacting ISPs to “coordinate countermeasures” and urged their customers to update their passwords as soon as possible. “Customers should follow instructions provided by their ISP promptly,” it said. “KDDI will continue working with ISPs to notify customers and support rapid password updates.” It also said that “many customers” have already updated their passwords.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We are analyzing the scope of the impact and the cause, responding to customers in coordination with ISP operators, and taking measures to prevent a recurrence,” the company said.

KDDI is one of Japan’s largest telecommunications companies, rivaling NTT Docomo and SoftBank. It serves approximately 72 million mobile subscribers.

Via The Record


Best antivirus software header

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Leave a Reply

Your email address will not be published. Required fields are marked *