You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
Summary
Japanese telecommunications company KDDI has exposed the managed email credentials of 14.2 million users. The exposed data includes email addresses and passwords, potentially putting users at risk of phishing attacks and account takeovers. The incident affected users of five internet service providers.
IFF Assessment
The exposure of 14.2 million managed email credentials is a significant security incident that directly benefits malicious actors.
Defender Context
This incident highlights the critical importance of robust access controls and credential management for large organizations. Defenders should be prepared for potential phishing campaigns targeting affected users and monitor for related malicious activity. Such breaches can lead to follow-on attacks targeting individuals or the wider ecosystem.