Toys "R" Us resets user passwords following stolen rewards

Account holders with Toys "R" Us have been informed that their passwords will be reset, after unauthorized third-parties attempted to gain access to the company's reward program, reports SC Magazine.

Rather than a hack to its own databases, the retailer took the decision because of recent cyberattacks elsewhere and the recycled login details used by some of its customers. It is thought that hackers were able to break in to Toys "R" Us accounts by reusing the same credentials obtained from other companies.

Toys "R" Us notified affected customers via email, explaining that the security update follows a number of illegal login attempts made to its Rewards "R" Us accounts between January 28 and January 30, 2015.

“Out of an abundance of caution, we are therefore treating your account password as compromised and taking appropriate steps to address that situation,” the company said in a letter.

According to Softpedia, all reward dollars printed during the aforementioned time will be reinstated, even if they were spent legitimately by customers. As well as taking this proactive measure, Toys "R" Us provided its account holders with detailed instructions on how to get a new password, including useful advice on best password practice so as to avoid repeat mistakes

Reusing passwords between different sites is one of the most frequently-made password mistakes around, and the Toys "R" Us case is a great example of how it can be exploited by cybercriminals. To learn more about common password mistakes and how best to avoid them, take a look at our video below.