KDDI exposes 14.2 million email credentials

Japanese telco KDDI disclosed unauthorized access to its managed email service, affecting up to 14.2 million users. Attackers exploited a vulnerability in third-party software on June 17. Passwords were hashed and encrypted, but email addresses may have leaked, exposing users to phishing and identity theft.