What happened

Okay, so here’s the messy headline: Japanese telco KDDI discovered on June 17 that attackers had slipped into one of its email systems — the same system that serves five other ISPs (so six providers in the mix). The intruders appear to have exploited a flaw in some unnamed third-party software on KDDI’s setup, and the company says it immediately blocked the access and started bolting doors shut.

The investigators warn there’s a chance that email addresses and passwords were taken. KDDI estimates the exposure could affect up to 14.2 million accounts, including current, former, and inactive users. Some credentials were stored in hashed or encrypted form, which helps, but KDDI hasn’t said how many or what kind of protection was used, so the situation is still fuzzy.

  • STNet, Inc.
  • JCOM Co., Ltd.
  • Chubu Telecommunications Co., Inc.
  • NIFTY Corporation
  • BIGLOBE Inc.

KDDI says it has been contacting the affected ISPs and has notified the relevant Japanese authorities. They’re working with partners to add extra safeguards while the forensic digging continues.

What you should do (unless you enjoy chaos)

If your email is with any of those providers, don’t panic like it’s the end of the internet — but do act. At minimum:

  • Immediately reset passwords on the possibly affected email accounts. Yes, now. No, not later.
  • Enable two-factor authentication if the service offers it — it’s like a second deadbolt for your inbox.
  • Watch for phishing and unusual sign-in alerts. If someone knew your email, they’ll try tricks first.
  • Use a password manager and unique passwords so one breach doesn’t domino into others.
  • Keep an eye on bank and other important accounts for odd activity — attackers love pivoting from email to everything else.

Translation: KDDI is patching and collaborating with ISPs and regulators, while users should tidy up their account hygiene. Think of it as spring cleaning, but for cybersecurity — and way less fun.