KDDI Data Breach Exposes 14.22 Million Email Accounts

KDDI, a Japanese telecommunications company, reported a data breach affecting up to 14.22 million email accounts. Unauthorized access was detected on June 17, 2026, through vulnerabilities in third-party software used in their email systems. The breach impacts services provided to multiple ISPs, including STNet and JCOM. KDDI confirmed that both email addresses and passwords may have been exposed, although some passwords were stored in hashed or encrypted formats. The company has since implemented security measures to prevent further intrusions and is advising users to change their passwords. KDDI is cooperating with regulatory authorities to address the incident and mitigate risks. The breach includes data from both active and inactive accounts, complicating user notifications for those affected.

Key Points: • KDDI's data breach potentially affects 14.22 million email accounts. • The breach was caused by vulnerabilities in third-party software used in email services. • KDDI has implemented security measures and is advising users to change passwords immediately.