A data breach at KDDI, a Japanese telecom operator, may have compromised up to 14.22 million email addresses and passwords associated with ISP mail services. The incident, confirmed on June 17, 2026, was traced to a vulnerability in third-party software. The affected services include those from six ISP providers: STNet, KDDI Web Communications, JCOM, Chubu Telecommunications, Nifty, and BIGLOBE.
KDDI breach exposes 14.22M emails, passwords via third party flaw
CyberSIXT Evidence Panel
Source marked as original reporting
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
KDDI breach exposes 14.22M emails, passwords via third party flaw
databreaches.net
-
KDDI reveals 14.2 million email breach linked to third party flaw
securityaffairs.com
-
KDDI breach exposes 14.2 million emails across six Japanese ISPs
infosecurity-magazine.com