More Than 12 Million Users Affected by Cyberattack on Japan’s KDDI

Japanese telecommunications operator KDDI has confirmed that more than 12 million users were affected by a cyberattack that took place in June this year. The incident was discovered on June 17, after unknown attackers exploited a so-called zero-day vulnerability in third-party software to gain access to an email system operated by KDDI for five Japanese internet service providers. The company stated that its mobile and fixed-line email services were not affected by the attack, as they operate on separate infrastructure.

According to available information, the email addresses of approximately 12.2 million users were compromised, while the passwords of around 7.6 million accounts also fell into the hands of the attackers. KDDI says the vulnerability was likely exploited as early as May and that the software vendor is currently working on a security patch. In cooperation with the affected internet service providers, the company has already launched a password reset process for users, while the mandatory reset of all compromised accounts is expected to be completed in the coming days.

KDDI claims that the attackers were removed from its systems immediately after the incident was discovered and that there is currently no evidence of any additional suspicious activity. The company has also announced a thorough security review of the affected software and plans to transition to more secure communication technologies in order to prevent similar incidents in the future.

Related Posts