14 Million Email Passwords May Be Loose After KDDI Breach

Japanese telecom KDDI disclosed a breach discovered June 17 in an email system shared by six ISPs.

What KDDI actually confirmed

KDDI says it discovered the compromise on June 17 and moved fast, blocking the attacker and rolling out defensive measures the same way most large carriers do after detection.

Why 14.2 million is the scary number

KDDI is not a small player.

Hashed, encrypted, or plaintext, and why the difference is everything

KDDI offered one piece of cautious reassurance: some passwords were stored in hashed or encrypted form, which means they cannot be readily abused to hijack accounts even if exposed.

The real reason ISP email breaches hurt more

A leaked password from a random forum is annoying.

Get the full story

Read the complete breakdown, fixes and what happens next.