One more time, TaskRabbit has made it to the news. However, the issue isn’t as severe this time as in the past. Reportedly, the firm noticed an unusual activity on its network after which TaskRabbit reset passwords.
TaskRabbit Disclosed Credential Stuffing Attack
Recently, the online marketplace and labor hiring platform TaskRabbit has suffered a cybersecurity incident.
The news surfaced online as various customers flooded the social media about receiving emails from TaskRabbit asking to change passwords. Some users even questioned the company whether it has faced a data breach.
@TaskRabbit Have you had a data breach and failed to inform the @ICOnews – because you’ve sent out an email that looks of a phishing nature without thinking about how it’s uptaken trying to hide something. Only reason you’d ask for a password reset is you’ve had a data breach. pic.twitter.com/m75nIcYwDS
— Kyle (@Artemu) December 20, 2020
I got the same email. Smells of data breach
— Henry Bennett (@islandwall) December 21, 2020
Certainly, the users weren’t wrong in asking such questions since TaskRabbit had previously suffered a breach in 2018.
However, this time, it seems things weren’t so severe. According to TechCrunch, TaskRabbit reset customers’ passwords after a credential stuffing attack.
In such attempts, the attacks try to break into users’ accounts by matching known or breached usernames and passwords with users’ accounts on a target website.
TaskRabbit Reset Passwords As Precaution
In its statement to TechCrunch, a TaskRabbit spokesperson confirmed that they have reset users’ passwords out of caution.
We acted in an abundance of caution and reset passwords for many TaskRabbit accounts, including all users who had not logged in since May 1, 2020, as well as all users who logged in during the time period of the attack, even though most of the latter activity was attributable to users’ regular use of our services.
So, now, all users who have received that somewhat vague email from TaskRabbit should trust the email’s legitimacy. Also, they should make sure to (now) set unique passwords to their accounts, something they don’t use on any other account. It’s especially important given the increase of cyber attacks due to password reuse.
Let us know your thoughts in the comments.