TaskRabbit Password Reset: Security Breach & Account Updates

TaskRabbit has initiated a password reset for an unspecified number of its users following the detection of “suspicious activity” occurring within its network.

The online marketplace, which connects customers with freelance labor and is owned by IKEA, proactively reset user passwords as a precautionary measure and implemented safeguards to prevent unauthorized access to user accounts, according to a TaskRabbit spokesperson who spoke with TechCrunch.

The company subsequently identified the incident as a credential stuffing attack, a technique where previously compromised usernames and passwords are tested across various websites in an attempt to gain access to accounts.

“We responded with an abundance of caution by resetting passwords for a significant number of TaskRabbit accounts, including all users who hadn’t logged in since May 1, 2020, and those who logged in during the period of the attack, though much of the latter was attributable to normal service usage,” the spokesperson explained.

“Protecting the safety and security of the TaskRabbit community remains our highest priority, and we are committed to continuously strengthening our defenses to safeguard our users’ personal information,” the spokesperson added.

TaskRabbit informed its customers about the situation through a general email notification, stating that their password had been changed recently “as a security precaution” without detailing the specific reason for the change. TechCrunch has verified the authenticity of this email.

Resetting passwords after a security event involving potential access to or theft of customer data is a common practice for many organizations.

In a similar instance last year, StockX, an online apparel marketplace, initially attributed a customer password reset to “system updates,” but later acknowledged it was a response to detected suspicious activity on its network. Shortly after, a hacker shared 6.8 million stolen StockX account records with TechCrunch.

Founded in 2008, TaskRabbit began as an auction-based platform for task negotiation and has evolved into a more refined marketplace that efficiently connects customers with qualified contractors.

This growth attracted the attention of IKEA, which acquired the startup in September 2017 after TaskRabbit actively sought a strategic buyer.

However, the year following the acquisition, TaskRabbit experienced a “cybersecurity incident” that forced the temporary shutdown of its website and app. The company later revealed that an unauthorized party had gained access to its systems. Stacy Brown-Philpot, then-CEO of TaskRabbit, engaged an external forensics team to determine the scope of compromised customer information and advised users and service providers to monitor their accounts for any unusual activity.

In the aftermath of that attack, the company announced the implementation of enhanced security measures, including a more secure login process, reduced data retention for both taskers and customers, and improved network cyber threat detection capabilities.

Brown-Philpot departed from TaskRabbit earlier this year, and the CEO position is now held by Ania Smith, a former leader at Airbnb and Uber Eats.

Updated to include further commentary from TaskRabbit.