TaskRabbit An unknown number of customer passwords have been reset after detecting “suspicious activity” on their network.
Ikea The online marketplace, famous for on-demand labor, said it carefully removed a user’s password and that it “took steps to prevent access to any user accounts,” a taskbit spokesperson told TechCrunch.
The company later confirmed that it was a credential stuffing attack, in which a set of existing accesses or breeched usernames and passwords match different websites to access the account.
“We worked in an abundance of caution and reset passwords for many task-rabbit accounts, including all users who had not been logged in since May 1, 2020, as well as all users who had Had logged in during the time of the attack, although most subsequent activity was attributed to the regular use of our services to users, ”the spokesperson said.
“As always, the safety and security of the taskbrat community is our priority, and we will be vigilant about protecting the personal information of our users,” the spokesperson said.
TaskRabbit customers were informed of the incident in an obscure email that only their passwords had recently been changed as a “security precaution”, without saying that specifically prompted an account change. Was. TechCrunch confirmed that the email was legitimate.
It is not uncommon for companies to reset passwords after a security incident where customer or account information is accessed or stolen in a breach.
Last year, online apparel marketplace StockX initially reset customer passwords, citing “system updates”, but later acknowledged that actions were taken after Suspicious activity found On its network. A day later, a hacker provided a tech crunch 6.8 million StockX account records Theft from the company’s server.
TaskRabbit’s freelance labor market was founded in 2008, and has grown over time An auction-style platform With contractors to negotiate tasks and works for a more mature and tailored market to match customers. That eventually attracted the attention of furniture retailer IKEA, which Purchased startup in September 2017 After TaskRabbit marketed itself to a strategic buyer.
The year after the acquisition, however, TaskBabbit Its website and app had to be taken down Due to a “cyber security incident”. company Later found out An attacker gained unauthorized access to his system. Then-task rabbit CEO Stacey Brown-Philpot said the company had Contracted with an external forensic team Urged both users and providers to identify which customer information was compromised by the attack, and to be vigilant in monitoring their own accounts for suspicious activity.
Following the attack, the company said it was implementing several new security measures and would work on making the log-in process more secure. It also said that it would reduce the amount of data maintained about working and customers as well as “enhance the overall network cyber threat detection technology.”
Updated with additional commentary from TaskRabbit.