LIVE · cybersecurity feed
data breachhigh

Major Japanese telco says cyberattack exposed 12 million emails

zeroday.news·1d ago

One of Japan's largest telecommunications providers has confirmed that a cyberattack on an email platform it manages resulted in the exposure of over 12.2 million customer email addresses and 7.6 million passwords. The company, KDDI, stated that the breach affected an email system used to handle customer accounts, webmail services, and email storage for five separate Japanese internet service providers.

KDDI initially reported unauthorized access in June but only revealed the full extent of the data exposure after concluding its forensic investigation and submitting a report to Japan's Ministry of Communications. The investigation determined that attackers exploited a vulnerability present in third-party software utilized by the email platform.

Following the detection of the intrusion, KDDI stated that it promptly patched the identified flaw and modified the system. Investigators found no evidence that the attackers gained access to any systems beyond the specific vulnerability that was exploited. The company also clarified that its own consumer email services, which are part of its mobile and fixed-line internet offerings, operate on separate infrastructure and were not impacted by this incident.

In response to the breach, many customers who regularly use the affected email service have already begun changing their passwords. The internet service providers whose customers were impacted are reportedly working to implement mandatory password resets for all users in the coming days. KDDI indicated that it is continuing to analyze the full scope of the impact and the root cause of the incident, coordinating with the affected ISP operators to respond to customers and implementing measures to prevent future occurrences.

KDDI is a significant player in Japan's telecommunications sector, operating the country's second-largest mobile network. Its services extend beyond mobile to include broadband, cloud computing, cybersecurity, and data center operations.

This incident follows a series of cyber events reported by major Japanese companies in recent weeks. Notable breaches or cyber-related disruptions have also been disclosed by the Japanese unit of Aflac, electronics manufacturer Nidec, and the brewer Sapporo Holdings. However, there is currently no indication that these separate incidents are connected.

In a separate development, Tokyo police recently announced the arrest of a 15-year-old high school student. The student is suspected of exploiting a vulnerability in the servers of the anime streaming service Bandai Channel, allegedly leading to the fraudulent cancellation of over 46,000 user subscriptions.

data breachtelecomemailispjapan
← Back to latest

More News

view all →
zeroday.news · 2h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 2h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 3h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 3h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 3h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.

zeroday.news · 3h ago·critical

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.