Susan Tampor writes:
I received a “Security Update” last week via e-mail regarding the rewards program that I signed up for several years ago at Toys R Us.
Given all the scams, I wondered whether this notice was some kind of trick. But it was legitimate.
[…]
Kathleen Waugh, vice president of corporate communications for Toys R Us, confirmed in an e-mail that no points were lost for customers.
She said the retailer sent the security update e-mail to a “small percentage” of Rewards R Us members requesting a password change.
“We suspect this activity was due to large breaches at other companies — not Toys R Us — where user log-in names and passwords were stolen and then used for unauthorized access to other accounts, such as Rewards R Us accounts, where a user may use the same log-in name and/or password,” according to the e-mail sent to some rewards members.
Toys R Us said it was able to identify an attempt to gain unauthorized access to a small percentage of the rewards accounts from Jan. 28 to Jan. 30.
Read more on WCNC.