Toshiba and Muji have alerted website visitors to fraudulent login prompts appearing on their sites that aim to steal user credentials. The suspicious sign-in screens represent a supply chain compromise targeting the popular Polyfill JavaScript library, which both retailers embedded in their web infrastructure.

Polyfill, a widely used open-source library that enables older browsers to support modern web features, fell under malicious control after ownership of its domain changed hands. Threat actors leveraged this access to inject malicious code into websites relying on the library, forcing fake authentication dialogs to appear when users attempted to log in.

The attack surface extends beyond Toshiba and Muji. Hundreds of websites integrate Polyfill into their codebases, creating a large pool of potential victims. When users encountered the fake login prompts, entering credentials would transmit that sensitive information directly to the attackers rather than to the legitimate company servers.

This supply chain attack highlights a critical vulnerability in the JavaScript ecosystem. Developers often depend on third-party libraries to accelerate development cycles, yet few organizations maintain visibility into which external code dependencies enter their production environments. When a single compromised library reaches thousands of sites, the blast radius becomes enormous.

Users visiting affected websites during the compromise window face credential theft risks. Those who entered login information into suspicious prompts should immediately change passwords on both the affected platforms and any services sharing those credentials. Organizations using Polyfill must audit their deployments and update to clean versions immediately.

Toshiba and Muji removed the malicious code and notified customers of the incident. Security researchers continue investigating the extent of compromise and identifying additional affected websites. This incident underscores the necessity of dependency monitoring, code integrity verification, and rapid incident response protocols for organizations handling customer data through web properties.
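As an added, defender-side example (not code from the article or from either retailer), the following Python audit lists every third-party `<script src>` in an HTML page, flags hosts on a watchlist, and flags scripts loaded without Subresource Integrity or with an integrity hash but no `crossorigin` attribute; the hostnames, the sample page and the integrity value are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical watchlist of hosts whose scripts should be removed or
# self-hosted after review. "polyfill.example" is a constructed placeholder.
WATCHLIST = {"polyfill.example"}


class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = dict(attrs)
            if a.get("src"):
                self.scripts.append(a)


def script_host(src):
    """Host a script src points at; None for same-origin paths like /app.js."""
    if src.startswith("//"):          # scheme-relative URL
        src = "https:" + src
    return urlparse(src).hostname


def audit_html(html, site_host):
    """Return one finding per external script, each with its risk flags."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for a in parser.scripts:
        host = script_host(a["src"])
        if host is None or host == site_host:
            continue                  # first-party script, not in scope
        flags = []
        if host in WATCHLIST:
            flags.append("watchlisted-host")
        if not a.get("integrity"):
            flags.append("no-sri")    # nothing pins what this host serves
        elif "crossorigin" not in a:
            flags.append("sri-without-crossorigin")  # browser cannot verify
        findings.append({"src": a["src"], "host": host, "flags": flags})
    return findings


# Constructed sample page; hosts and the integrity value are placeholders.
SAMPLE_PAGE = """<html><head>
<script src="https://polyfill.example/v3/polyfill.min.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "shop.example"):
        print(f["host"], f["flags"])
```

A script whose content is generated per request cannot be pinned with an integrity hash at all, so a dependency of that kind that cannot be vetted should be removed or replaced with a reviewed, self-hosted copy.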