This week, Japanese telecommunications leader KDDI disclosed that a cyber incident in June compromised the data of over 12 million users. The breach, originating on June 17, involved unauthorized access to email infrastructure developed by KDDI for five Internet Service Providers (ISPs), including STNet, JCOM, Chubu Telecommunications, NIFTY, and BIGLOBE.
Details of the Cyber Incident
The attack exploited a zero-day vulnerability within the software of KDDI’s system, which is integral to the email services of the affected ISPs. Notably, KDDI’s mobile and fixed-line internet email services were not impacted, as they function on different infrastructure.
According to an automated translation of KDDI’s public announcement, the vulnerability had been exploited by attackers since May, prompting the vendor to develop a patch to address the issue. The breach resulted in the compromise of email addresses belonging to 12.2 million users and the passwords of 7.6 million individuals.
Response and Mitigation Efforts
KDDI has been actively coordinating with the involved ISPs to implement password resets for affected users. Customers who frequently use their email accounts have already updated their login credentials. The company assures that mandatory password resets will be enforced for all compromised accounts in the upcoming days.
Upon identifying the breach, KDDI swiftly removed the hackers from their systems and confirmed that no further malicious activity has been detected. The telecom giant is conducting a comprehensive review of the software to identify and rectify any additional vulnerabilities.
Future Security Enhancements
In its commitment to safeguarding user information, KDDI plans to collaborate with the ISPs to transition to more secure communication technologies. The company emphasizes its dedication to enhancing cybersecurity measures to prevent future occurrences.
This incident serves as a stark reminder of the vulnerabilities within digital infrastructures and the importance of robust cybersecurity protocols. As KDDI works towards bolstering its defenses, the focus remains on restoring user trust and ensuring the integrity of its services.
