TaskRabbit has reset an unknown number of customer passwords after confirming it detected “suspicious activity” on its network.
The IKEA -owned online marketplace for on-demand labor said it reset user passwords out of an abundance of caution and that it “took steps to prevent access to any user accounts,” a TaskRabbit spokesperson told TechCrunch.
“As always, the safety and security of the TaskRabbit community is our priority, and we will continue to be vigilant about protecting our users’ personal information,” said the spokesperson.
But TaskRabbit did not immediately elaborate or provide answers to our questions, including if it planned to inform customers of the breach, what data — if any — was taken or if the breach had been remediated.
TaskRabbit customers were alerted to the incident in a vague email that only noted their password had been recently changed “as a security precaution,” without saying what specifically prompted the account change. TechCrunch confirmed that the email was legitimate.
It’s not uncommon for companies to reset passwords after a security incident where customer or account information is accessed or stolen in a breach. But it’s rare for companies to reset user passwords unrelated to a security incident.
Last year, online apparel marketplace StockX reset customer passwords after initially citing “system updates,” but later admitted it took action after it found suspicious activity on its network. Days later, a hacker provided TechCrunch with 6.8 million StockX account records stolen from the company’s servers.
TaskRabbit’s freelance labor marketplace was founded in 2008, and grew over time from an auction-style platform for negotiating tasks and errands to a more mature and tailored marketplace to match customers with contractors. That eventually attracted the attention of furniture retailer IKEA, which bought the startup in September 2017 after TaskRabbit put itself on the market for a strategic buyer.
The year after the acquisition, however, TaskRabbit had to take its website and app down due to a “cybersecurity incident.” The company later revealed an attacker had gained unauthorized access to its systems. Then-TaskRabbit CEO Stacy Brown-Philpot said the company had contracted with an outside forensics team to identify what customer information had been compromised by the attack, and urged both users and providers to stay vigilant in monitoring their own accounts for suspicious activity.
Following the attack, the company said it was implementing several new security measures and would work on making the log-in process more secure. It also said it would reduce the amount of data retained about taskers and customers as well as “enhance overall network cyber threat detection technology.”