A data breach that has potentially exposed the email and password combinations for over 14 million customers across six internet service providers (ISPs) has been disclosed by Japanese telecoms provider KDDI Corporation.
According to the company, hackers exploited a vulnerability in a third-party software to access the database of credentials. KDDI said that it immediately blocked the hackers’ access after discovering the intrusion on June 17, 2026.
“Although technical defensive measures have already been implemented for the system, there remains a possibility that customers’ email addresses and passwords were obtained by unauthorized third parties as a result of the incident.”
Read more…
Source: Tech Radar
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Former DHS official charged with stealing govt employees’ PII
January 14, 2022
A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees’ personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG ...
- California town announces data breach involving police department, loan provider
January 10, 2022
Grass Valley, California has announced an extensive data breach involving the Social Security numbers and more of all city employees and vendors — as well as anyone who had their information given to the local police department. The city said in a notice that Social Security numbers, driver’s license numbers, and health insurance information was leaked ...
- FlexBooker apologizes for breach of 3.7 million user records, partial credit card information
January 7, 2022
Scheduling platform FlexBooker apologized this week for a data breach that involved the sensitive information of 3.7 million users. In a statement, the company told ZDNet a portion of its customer database had been breached after its AWS servers were compromised on December 23. FlexBooker said their “system data storage was also accessed and downloaded” as ...
- 1.1M Compromised Accounts Found at 17 Major Companies
January 5, 2022
There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation. Credential-stuffing attacks, such as last year’s attack on Spotify, use automated scripts to try high volumes of usernames and password combinations against online accounts in an effort to take ...
- Morgan Stanley agrees to $60 million settlement in data breach lawsuit
January 5, 2022
Morgan Stanley has agreed to a settlement figure of $60 million to resolve a data breach lawsuit. The US bank and financial services giant was subject to a class-action suit following two data exposure incidents involving approximately 15 million current and former clients. According to the motion (.PDF), legacy equipment was decommissioned in 2016 and 2019 that ...
- Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’
January 3, 2022
This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15. In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information ...