The Record by Recorded Future • 2h
KDDI Email Infrastructure Breach: Exposure of 14 Million User Accounts
KDDI Corporation experienced a critical data breach resulting from the exploitation of a vulnerability in third-party email management software. The breach compromised customer email management systems, webmail services, and storage infrastructure, leading to the unauthorized access of approximately 12.2 to 14.2 million user accounts. Impacted data includes email addresses and login credentials. Because the affected infrastructure served as a backbone for five to six additional Japanese Internet Service Providers (ISPs), the exposure expanded beyond KDDI’s direct customer base, creating a systemic risk across multiple regional network providers.