Up to 14.22 Million KDDI Emails May Have Leaked, Password Change Urged
The breach is one of the largest in Japan this year, affecting millions across several major ISPs and requiring urgent password resets.
Reporting from 1 sources: ASCII.jp.
KDDI announced on June 23 that up to 14.22 million email addresses and passwords may have been leaked due to unauthorized access to its email system. The breach affected multiple ISP services including @nifty, BIGLOBE, J:COM NET, and others. Users are urged to change passwords immediately.
KDDI disclosed on June 23 that unauthorized access to its email system, confirmed on June 17, may have exposed up to 14.22 million email addresses and passwords. The breach exploited a vulnerability in third-party software. Affected services include STNet's Pikara-related emails, KDDI Web Communications' rental server CPI emails, J:COM NET and cable TV operator emails, Commufa Hikari and Business Commufa emails, @nifty emails, and BIGLOBE emails. Both current and former users, as well as dormant accounts, are at risk. Some passwords may be hashed or encrypted, but KDDI has not confirmed which. BIGLOBE urged immediate password changes on June 23, warning of potential personal information leaks or unauthorized service use. Nifty set a June 25 deadline for password changes, after which unconfirmed passwords will be invalidated.
Synthesized by Yomimono from the 1 cited source below, including Japanese-language reporting where cited, then editorially reviewed before publishing.
Sources
- ASCII.jp KDDI系メールで最大1422万件漏えいか パスワード変更を呼びかけ