Shadow Tier cyber intelligence
Back to overview
Confidence MediumJun 28, 2026stnet.co.jp

STNet Email Accounts Impacted by KDDI Data Breach

PatternExternal actor · Hacking · Confidentiality impact

STNet, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including STNet. Email addresses and passwords of STNet customers may have been compromised.

Signal date
Jun 28, 2026
Updated
Jun 29, 2026
Confidence
Medium
Sources
3 sources
stnet.co.jp logo

Stnet

Sector
Information
Signals
1 linked
Scan this company

Signal context

First seen: Jun 28, 2026

Last updated: Jun 29, 2026

Status: Public signal

Key points

  • Part of a larger KDDI data breach.
  • Email addresses and passwords potentially compromised.
  • Caused by a vulnerability in third-party software.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Stnet logo
Stnet

Sector: Information

Likely country: 🇯🇵 Japan

inferred from company domain

    Estimated
    Threat source
    Hacking activity

    Watch internet-facing systems, credential abuse and exploit activity.

    • Source type: outside the affected organization
    Business impact
    Potential data exposure

    Impact area: Confidentiality

    Likely asset: User or customer data

    Trend context
    77 signals with similar action pattern
    • 33 signals in the same sector
    • 95 signals with the same likely impact area
    • 1 signal linked to this organization/domain
    Mentioned entities
    StnetData DisclosureKDDI CorporationKDDIJapanese ISPsSTNet. EmailSTNetPart ofEmailCaused

    External sources

    Related signals

    Grouped by why the signal is relevant.

    jcom.co.jp logoJcomJun 28, 2026
    Same sectorSame action patternSame impact area

    JCOM Email Accounts Impacted by KDDI Data Breach

    JCOM, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including JCOM. Email addresses and passwords of its customers may have been compromised.

    kddi.com logoKddiJun 28, 2026
    Same sectorSame action patternSame impact area

    KDDI Corporation Email System Data Breach

    Japanese telecommunications operator KDDI Corporation disclosed a data breach affecting an email system it provides to multiple internet service providers. Threat actors exploited a vulnerability in unnamed third-party software, potentially exposing up to 14.22 million email addresses and passwords of current, former, and inactive customers. The compromise was discovered on June 17, 2026, and technical defensive measures were immediately implemented. KDDI has reported the incident to Japanese privacy and telecommunications regulators.

    lastpass.com logoLastpassJun 28, 2026
    Same sectorSame action patternSame impact area

    LastPass Customer Data Compromised via Third-Party Vendor Klue

    LastPass confirmed a new data loss incident where customer data was accessed through a compromise of Klue, a third-party market intelligence platform used by LastPass's marketing and sales teams. Attackers gained access to OAuth tokens belonging to Klue clients, which were then used to access LastPass-related data in Salesforce. Exposed data includes names, phone numbers, email addresses, postal addresses, customer relationship information, commercial data, and support records. LastPass assures that user password vaults were not affected.

    kddi-web.com logoKddi WebJun 28, 2026
    Same sectorSame action patternSame impact area

    KDDI Web Communications Email Accounts Impacted by KDDI Data Breach

    KDDI Web Communications, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including KDDI Web Communications. Email addresses and passwords of its customers may have been compromised.

    polymarket.com logoPolymarketJun 28, 2026
    Same sectorSame action patternSame impact area

    Polymarket Suffers $3M+ Crypto Drain via Third-Party Vendor Compromise

    Prediction market platform Polymarket disclosed a breach where hackers compromised a third-party vendor, injected malicious code into the website for some users, and drained approximately $3 million (updated reports around $3.1M) in pUSD (USDC-backed) from at least 11 user wallets. The funds were subsequently swapped and moved to Ethereum. The platform has contained the incident, promised full refunds to affected users, and is notifying victims. The incident was disclosed on June 28, 2026.

    ctc.co.jp logoCtcJun 28, 2026
    Same sectorSame action patternSame impact area

    Chubu Telecommunications Email Accounts Impacted by KDDI Data Breach

    Chubu Telecommunications, an internet service provider, was impacted by a data breach disclosed by KDDI Corporation on June 28, 2026. The breach, stemming from a vulnerability in third-party software used by KDDI's email system, exposed up to 14.2 million email accounts across several Japanese ISPs, including Chubu Telecommunications. Email addresses and passwords of its customers may have been compromised.