Millions of Email Passwords Exposed in Japan Internet Provider Breach: Check Your Account

Japanese telecommunications company KDDI discovered that hackers broke into a system used by six internet service providers across Japan. The breach put up to 14.22 million email addresses and passwords at risk. KDDI found the problem on June 17, 2026 and fixed the affected system the same day. If you or your family use internet service from KDDI or one of the six providers that share their system, your email login information may have been exposed to attackers. This includes both your email address and the password you use to access your ISP email account.

Hackers could use this information to read your private messages, send emails pretending to be you, or try these passwords on your other accounts. You need to take action immediately if you use email service from any KDDI-related internet provider in Japan.

Here is what to do right now:

1. Change your ISP email password immediately. Make it completely different from your old password.
2. If you used the same password on any other websites or accounts, change those passwords too. Never reuse passwords across different sites.
3. Check your email account for any suspicious activity, like emails you did not send or settings you did not change.
4. Watch for phishing emails over the next few months. Scammers might use your exposed email address to send fake messages trying to trick you. This breach is a reminder that everyone needs unique passwords for each important account. Consider using a password manager to create and store strong, different passwords for every site you use. Turn on two-factor authentication whenever possible, which adds an extra security step beyond just your password. These habits protect you even when companies experience data breaches.