KDDI Corporation Breach Impacts 12.2M Customer Emails

KDDI Corporation, a prominent Japanese telecommunications organization, revealed a data breach may have impacted 12.2 million customer emails. Furthermore, 7.6 million passwords were compromised. The cyberattack reportedly leveraged vulnerabilities in a third-party software for the organization’s email system.
Max Gannon, Cyber Intelligence Team Manager at Cofense, says, “More than 12 million compromised email addresses and more than 7 million compromised passwords, all traced back to one unpatched vulnerability in one piece of third-party software. That is the multiplier effect of shared infrastructure, when a component sits at the center of a platform serving multiple providers, a single flaw does not affect one organization, it affects all of them simultaneously. Security teams spend enormous energy hardening the systems they own and operate, but third-party software is harder. You did not write it, you often cannot audit it deeply, and you are dependent on the vendor’s patch cycle. Attackers know this. Exploiting a vulnerability in integrated software is frequently the path of least resistance into an otherwise well-defended environment.”
The organization confirmed the incident on June 17.
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!







