[URGENT] Notice of Mandatory Password Reset Due to Potential Unauthorized Access to SFC-CNS Mail System

This is an urgent and important announcement from the Shonan Fujisawa Information Technology Center (SFC-KIC) and CSIRT.
Unauthorized external access exploiting an unknown vulnerability has been confirmed within the SFC-CNS email service. As a result of our investigation, it has been determined that there is a high possibility that users' email passwords (IMAP/SMTP-AUTH passwords) have been compromised. To prevent further damage and unauthorized logins, we are implementing the following emergency measures for the CNS email system.

1. Forced Reset of Email Passwords

To prevent unauthorized access, email passwords for all CNS accounts will be forcibly reset. Access to viewing and sending emails will be temporarily suspended.
Email reception and pre-configured forwarding functions remain operational. Emails received between the forced reset and the resumption of service are being held on the server and will be accessible after you reset your password.

2. Procedures for Resuming Service (Password Reset)

To resume viewing and sending emails, you must set a new password.

Login and email read/write capabilities will be restored sequentially as password resets are completed.

3. Request to Change CNS Login Passwords and External Service Credentials

In this incident, hashed CNS login password information was also compromised. Consequently, there is a risk of analysis by malicious third parties for all accounts, regardless of how similar your passwords may be. To prevent secondary damage, we strongly request the following actions:

A detailed report will be issued by the Information Technology Center and CSIRT in due course.
We apologize for the great inconvenience and concern this may cause, and we appreciate your cooperation in ensuring the security of our community.