Toshiba and Muji have warned website visitors about suspicious sign-in screens that appeared on their websites and could have tricked users into entering their account credentials.
Both Japanese companies advised anyone who entered login details into the unexpected authentication pop-ups to change their passwords for the affected services.
The pop-ups were generated by an external service hosted at polyfill[.]io. The same domain was previously linked to a 2024 security incident in which malicious code was added to scripts delivered via its CDN.
Toshiba said it had confirmed that some parts of its website could display a sign-in screen and urged users to click “Cancel” if they saw it, without entering any information. The company said it was working to remove the screen.
Muji issued a similar warning earlier this week, saying suspicious authentication screens had appeared because of the external polyfill[.]io service. The retailer said it had not confirmed any unauthorized access or data leakage, but asked customers to take precautions for their safety.
Both Toshiba and Muji have since fixed the issue and suspended the service.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
