The operation of the current ECCS Staff Email (@mail.ecc.u-tokyo.ac.jp) and MailHosting services began in August 2016. Unfortunately, email client passwords used before May 20, 2018 were saved in the email sending log and were decodable. Please note that temporary passwords sent when users failed to log in were saved as well.
As it is an unfavorable situation that system administrators of the mail server have access to the user’s passwords, we have modified the system to prevent retention of decodable passwords in the email sending logs on May 20, 2018. Following the modification, we have carried out masking of decodable passwords in the email sending logs during the period from August 2016 to May 20, 2018.
Although there is no imminent danger, we recommend that users who sent emails using mail client through ECCS Staff Email and MailHosting services during the period from August 2016 to May 20, 2018 and users who still use the same password or use the same password for other services (we do not recommend using the same password for different services) to change passwords.
We apologize to ECCS users for causing concern.