Back to Blog
high severity July 08, 2026 · 12.2M affected

KDDI Discloses Breach Impacting 12M+ Customer Emails and Passwords

Japanese telecom giant KDDI revealed attackers breached a third-party email platform used by multiple ISPs via a zero-day vulnerability, exposing email addresses of 12,233,087 people and passwords of 7,616,173. The company blocked access, deployed EDR, conducted forensics, notified authorities, and is coordinating password resets. Public disclosure occurred on July 8, 2026.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
KDDI Discloses Breach Impacting 12M+ Customer Emails and Passwords
Severity High
Disclosed July 08, 2026
Affected 12.2M
Data exposed email addressespasswords

On July 8, 2026, Japanese telecom provider KDDI disclosed a breach that exposed the email addresses of 12,233,087 customers and the passwords of 7,616,173 of them after attackers exploited a zero-day vulnerability in a third-party email platform used by multiple internet service providers.

Confirmed Facts from Reporting

Confirmed Facts from Reporting

Public reporting indicates the attackers gained access to a shared email platform relied on by several ISPs. The breach specifically exposed email addresses and passwords. KDDI stated it blocked the unauthorized access, deployed endpoint detection and response tools, performed a forensic investigation, notified law enforcement, and began coordinating password reset efforts with affected partners.

The company disclosed the incident on July 8, 2026. Available reporting describes the total impact as 12.2 million people, with the password exposure limited to roughly 7.6 million records. No evidence has surfaced that the attackers exfiltrated additional data types such as phone numbers, physical addresses, or financial details from the platform itself.

Why This Matters for You and Your Family

If you or anyone in your household uses email through KDDI or one of the other ISPs that relied on the same third-party platform, your login credentials may now be in the hands of criminals. Exposed passwords are especially dangerous when people reuse the same password across multiple services, including banking, shopping, and social media accounts.

Children and teenagers who share a family email address or use credentials tied to a parent’s account are also at risk. A single leaked password can give attackers a foothold into your digital life, potentially leading to unauthorized charges, identity theft, or harassment that affects the entire household.

The Doxxing and Identity-Chain Risks

Credential leaks like this one rarely stop at a single login. Once attackers have an email and password, they test those credentials on dozens of other sites. Successful logins can reveal linked accounts, gaming profiles, and personal details that connect your online handles back to your real identity. This process, known as identity-chain mapping, turns one breach into a roadmap for doxxing, targeted scams, or even physical threats.

Gaming accounts belonging to you or your children are particularly vulnerable because they often share the same email address used for family services. A compromised gaming login can expose chat logs, friend lists, and voice chat recordings that make it easier for attackers to build a complete profile of your household.

What to Do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by the service.
  • Rotate the password you used at the affected KDDI-related service anywhere it is reused, and immediately enable two-factor authentication through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your data is caught in hours, not months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts that often chain back to the same email or address.
  • Let remediation specialists perform hands-on takedown work across data brokers and exposed profiles while you focus on securing your accounts.

The incident shows how quickly a flaw in one vendor’s system can place millions of ordinary families in the crosshairs. Taking concrete steps now can limit the damage and reduce the chance that this breach becomes the first link in a longer chain of identity abuse.

DoxxScan by GalaxyWarden delivers exactly that protection through continuous monitoring across 15.4 billion-plus breach records and over 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.