KDDI Corporation reported a significant data breach affecting approximately 14.2 million email accounts across six Japanese ISPs, attributed to a vulnerability in third-party software. The breach, detected on June 17, 2026, resulted in the potential exposure of email addresses and passwords, including those of former customers. KDDI swiftly blocked the attackers and is conducting an ongoing investigation while implementing security measures.
They have notified the relevant regulatory bodies and are urging affected users to change their passwords immediately to mitigate unauthorized access risks.