Unnamed attackers attempted to gain access to some Toys“R”Us reward program members' profiles in January, prompting the company to send email notifications and request users change their passwords.
The attempts were made between January 28 and January 30, according to an emailed statement to SCMagazine.com. No credit card information was affected.
“We suspect this activity was due to large breaches at other companies – not Toys“R”Us – where user login names and passwords were stolen and then used for unauthorized access to other accounts, such as Rewards“R”Us accounts, where a user may use the same login name and password,” the statement said.
Users who had account activity during the affected time period had their rewards points reimbursed.
The company said its security measures alerted it to “efforts to overcome the layer of security” it has in place, allowing it to detect the login attempts.