TaskRabbit has reset an unknown variety of buyer passwords after confirming it detected “suspicious exercise” on its community.
The IKEA -owned on-line market for on-demand labor stated it reset consumer passwords out of an abundance of warning and that it “took steps to stop entry to any consumer accounts,” a TaskRabbit spokesperson informed TechCrunch.
“As all the time, the protection and safety of the TaskRabbit neighborhood is our precedence, and we’ll proceed to be vigilant about defending our customers’ private info,” stated the spokesperson.
However TaskRabbit didn’t instantly elaborate or present solutions to our questions, together with if it deliberate to tell prospects of the breach, what information — if any — was taken or if the breach had been remediated.
TaskRabbit prospects had been alerted to the incident in a imprecise e mail that solely famous their password had been just lately modified “as a safety precaution,” with out saying what particularly prompted the account change. TechCrunch confirmed that the e-mail was authentic.
It’s not unusual for firms to reset passwords after a safety incident the place buyer or account info is accessed or stolen in a breach. But it surely’s uncommon for firms to reset consumer passwords unrelated to a safety incident.
Final yr, on-line attire market StockX reset buyer passwords after initially citing “system updates,” however later admitted it took motion after it found suspicious activity on its community. Days later, a hacker offered TechCrunch with 6.8 million StockX account records stolen from the corporate’s servers.
TaskRabbit’s freelance labor market was based in 2008, and grew over time from an auction-style platform for negotiating duties and errands to a extra mature and tailor-made market to match prospects with contractors. That ultimately attracted the eye of furnishings retailer IKEA, which bought the startup in September 2017 after TaskRabbit put itself available on the market for a strategic purchaser.
The yr after the acquisition, nonetheless, TaskRabbit had to take its website and app down attributable to a “cybersecurity incident.” The corporate later revealed an attacker had gained unauthorized entry to its programs. Then-TaskRabbit CEO Stacy Brown-Philpot stated the corporate had contracted with an outside forensics team to establish what buyer info had been compromised by the assault, and urged each customers and suppliers to remain vigilant in monitoring their very own accounts for suspicious exercise.
Following the assault, the corporate stated it was implementing a number of new safety measures and would work on making the log-in course of safer. It additionally stated it might cut back the quantity of knowledge retained about taskers and prospects in addition to “improve general community cyber risk detection know-how.”