Breach, Data Security

Attempts made to access Toys”R”Us reward program profiles


Unnamed attackers attempted to gain access to some Toys“R”Us reward program members' profiles in January, prompting the company to send email notifications and request users change their passwords.

The attempts were made between January 28 and January 30, according to an emailed statement to No credit card information was affected.

“We suspect this activity was due to large breaches at other companies – not Toys“R”Us – where user login names and passwords were stolen and then used for unauthorized access to other accounts, such as Rewards“R”Us accounts, where a user may use the same login name and password,” the statement said.

Users who had account activity during the affected time period had their rewards points reimbursed.

The company said its security measures alerted it to “efforts to overcome the layer of security” it has in place, allowing it to detect the login attempts.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.