Saturday, June 6, 2026AboutContactDisclaimerAdvertiseNewsletterWrite for Us
Subscribe Free
Home
LIVE
Back to Home
Malicious Polyfill.io Prompts Hit Toshiba, Muji Websites
Cybersecurity

Malicious Polyfill.io Prompts Hit Toshiba, Muji Websites

B
Blizine Admin
·2 min read·0 views
Quick Brief
  • Toshiba, Muji warn of suspicious login prompts.
  • Compromised polyfill.io domain reactivated.
  • Change passwords if credentials were entered.
📌Key Points
1Toshiba and Muji warned about suspicious login prompts.
2Polyfill.io domain, compromised in 2024, reactivated in late May 2026.
3Users advised to change passwords if credentials were entered.
4No confirmed data breaches, but caution is recommended.

Unexpected Login Screens Appear

Tech giant Toshiba and mega-retailer Muji warned visitors about suspicious sign-in screens appearing on their websites. These prompts, generated by the external service polyfill[.]io, could potentially collect user credentials. The issue stems from a 2024 compromise of the polyfill[.]io domain, which introduced malicious code into its delivered scripts.

Compromised CDN Causes Login Alerts

Japanese companies Toshiba and Muji alerted website visitors to unexpected authentication screens. These screens appeared on parts of their sites, prompting users for account login data. The source of these prompts was identified as polyfill[.]io, an external service that acts as a JavaScript CDN (Content Delivery Network) for legacy browsers, providing a compatibility layer for unsupported technologies.

The Polyfill.io Domain History

The original polyfill[.]io domain was not owned by the open-source project's creator, Andrew Betts. When the domain expired in 2024, a Chinese entity acquired it and injected malicious scripts, impacting over 100,000 websites using the Polyfill service. Betts publicly recommended that website owners remove the service and relaunched the CDN at new domains, first polyfill.com and later polyfill.top.

Recent Resurgence and User Warnings

Security researcher Pasquale Pillitteri reported that starting in late May 2026, the polyfill[.]io domain became active again. It began responding with HTTP 401 authentication requests, which user browsers interpreted as requests for usernames and passwords, leading to login prompts. Toshiba issued a short communication, advising users to select "Cancel" without entering any information" if they encountered the screen.

  • Muji published a similar announcement earlier this week, warning visitors of the suspicious screens.
  • Both Toshiba and Muji have since solved the issue and suspended the service.
  • Japanese media outlets reported that Zojirushi, FiNC Technologies, Ishiyaku Publishers, and Hobonichi were also impacted.
  • Samsung Smart TVs and websites reportedly displayed a login prompt on June 1.
  • Users who entered login data in these screens are advised to change their passwords.
  • There is currently no indication of hacked websites or stolen credentials.
"We have confirmed that some parts of our website may display a sign-in screen like the one shown below. We are currently working to eliminate this screen, but if you do see it, please select "Cancel" without entering any information." — Toshiba, Official Communication

Key Points

  • Toshiba and Muji warned users about suspicious login prompts on their websites.
  • The prompts originated from the polyfill[.]io domain, which reactivated in late May 2026.
  • The polyfill[.]io domain was compromised in 2024 by a Chinese entity.
  • Users who entered credentials on these screens should change their passwords.
  • No confirmed unauthorized access or information leakage has been reported.

The Bottom Line

Unexpected login prompts on trusted websites demand extreme caution. Users who may have entered credentials on affected sites like Toshiba or Muji are strongly advised to change their passwords immediately. This incident underscores the persistent risks associated with third-party scripts and the importance of vigilant domain management in the digital ecosystem.

Frequently Asked Questions

Which websites were affected by the suspicious login prompts?
Toshiba and Muji officially warned users about the prompts. Japanese media also reported impacts on Zojirushi, FiNC Technologies, Ishiyaku Publishers, and Hobonichi. Samsung Smart TVs and websites also reportedly displayed prompts.
What caused the suspicious login prompts on these websites?
The prompts originated from the external service polyfill[.]io. This domain, compromised in 2024, reactivated in late May 2026 and began sending HTTP 401 authentication requests, causing browsers to display login screens.
What should users do if they encountered these login screens?
Toshiba advised users to select "Cancel" without entering any information. Both companies recommend changing passwords for the service if any account login data was entered into the suspicious authentication screens.
#Cybersecurity
#Website Security
#Data Breach
#JavaScript CDN
B
Blizine Admin

Staff Writer

View Profile

Related Articles

Bridging the Cyber Chasm: Apprenticeships Emerge as a Critical Solution to the Global Talent Shortage

Jun 6, 2026·5 min read

Over 900 US Gas Station Fuel Systems Exposed to Cyberattacks

Jun 5, 2026·3 min read

International Crackdown Arrests 29, Dismantles Nine Illegal Streaming Rings

Jun 3, 2026·3 min read

Comments