# Massive KDDI Data Breach Exposes 12 Million Email Accounts

*Published July 10, 2026*
*Source: [https://www.securityweek.com/12-million-impacted-by-data-breach-at-japanese-telco-kddi/](https://www.securityweek.com/12-million-impacted-by-data-breach-at-japanese-telco-kddi/)*

## Executive Summary

KDDI experienced a data breach affecting over 12 million email accounts due to a zero-day vulnerability in their system used by multiple ISPs. The breach has led to a widespread mandatory password reset to secure affected accounts.

## Article

This week, Japanese telecommunications company KDDI disclosed a significant data breach that has compromised the email accounts of over 12 million users. The breach occurred on June 17 and targeted a system developed by KDDI, which is part of the email infrastructure used by five Internet Service Providers: STNet, JCOM, Chubu Telecommunications, NIFTY, and BIGLOBE. The attack exploited a zero-day vulnerability in the software, leading to the unauthorized access of sensitive information.

KDDI clarified that its separate mobile and fixed-line internet email services were not impacted by the breach. The vulnerability had been exploited since May, affecting several ISPs. The affected accounts included email addresses of 12.2 million users and passwords for 7.6 million individuals. KDDI has worked collaboratively with the ISPs to initiate password resets, ensuring that customers who frequently use their email accounts have already updated their login credentials.

A mandatory password reset is planned for all compromised accounts in the coming days. Following the breach detection, KDDI swiftly removed the hackers from its systems and found no evidence of further suspicious activities. The company is committed to thoroughly inspecting the involved software to identify any other potential vulnerabilities and will assist ISPs in transitioning to more secure communication technologies.
