Major Japanese Companies Face Suspicious Login Pages

Several Japanese companies across various industries have reported fake login pages appearing on their websites. Affected entities include retail chain Muji, appliance manufacturer Zojirushi, and sports event organizers Boat Race. All incidents are attributed to a vulnerability in the polyfill.io service, which has been exploited in supply chain attacks before.

Company representatives confirmed no data leaks have been detected but warned users of potential risks. Those who entered credentials on suspicious pages are advised to change passwords immediately. Security experts note that attacks via third-party scripts are becoming increasingly common, especially when services are not updated in a timely manner.

Polyfill.io is a popular tool for ensuring web application compatibility with older browsers. However, in recent years, it has repeatedly been targeted by cyberattacks due to its widespread use. Security specialists recommend companies reassess their use of such services and implement additional protective measures, such as multi-factor authentication.