Toshiba and Muji have issued warnings to their website visitors regarding suspicious login prompts that may collect user credentials. These pop-ups originated from the polyfill[.]io service, which was compromised in 2024 when the domain was acquired by a Chinese entity that introduced malicious code. Both companies have advised users who may have entered their login details to change their passwords. While there is currently no evidence of unauthorized access or data leakage, the companies are taking precautions to ensure user safety. Other companies, such as Zojirushi and FiNC Technologies, have also been affected by this issue. Security researcher Pasquale Pillitteri noted that the polyfill service, originally designed for legacy browser support, has been misused, leading to unexpected authentication prompts on various websites. Although the polyfill[.]io service has been deactivated, remnants of its code remain on some sites, causing these login prompts to appear. Users are urged to remain vigilant and cautious about unexpected authentication requests.