Emerging
Jun 17, 20261
59%
SCSK Website Hit by Suspicious Authentication Prompt Attack via Polyfill.io
SCSK Corporation announced on June 8 that its official website displayed suspicious authentication prompts through a compromised external service called polyfill.io. The company has taken corrective measures and is investigating the incident's scope, while urging customers who entered credentials to change their passwords.
Quick Facts
Who
SCSK Corporation
What
Suspicious authentication prompts displayed on website pages
When
June 8, 2026 (announcement date)
Where
SCSK Corporation official website
- Suspicious authentication prompts displayed on website pages
- Compromise through external service polyfill.io
- Implementation of security measures
- Ongoing investigation into impact scope
- Customer notification and password change advisory
SCSK Corporation disclosed on June 8 that its official website displayed suspicious authentication prompts on certain pages. The unauthorized dialogs appeared through an external service called polyfill.io, which was integrated into some content pages of the company's website. The attack compromised the normal user experience by displaying fake authentication requests to visitors.
The company has implemented necessary security measures to address the vulnerability and is conducting an ongoing investigation to determine the full scope of the incident. SCSK has not yet publicly disclosed the complete extent of user exposure or the duration for which the malicious prompts were displayed.
Customers who may have entered their credentials—including user IDs and passwords—on the affected pages have been urged by SCSK to change their passwords immediately as a precautionary measure. The company recommends that affected users monitor their accounts for any suspicious activity and consider changing passwords on other services if the same credentials were used elsewhere.
Why This Matters
This incident highlights a critical supply chain security risk: third-party services embedded in websites can become attack vectors. Organizations relying on external polyfill libraries should audit their dependencies immediately. For users, this underscores the importance of password hygiene and the need to change credentials if compromised, especially across multiple services. The incident demonstrates how attackers exploit trusted integrations to harvest credentials at scale.
Timeline & Sources
Jun 8, 2026
WireSCSK announced discovery of suspicious authentication prompts on official website
Jun 8, 2026
WireVulnerability traced to external service polyfill.io
Jun 8, 2026
WireSCSK began implementing necessary security measures