[BreachExchange] TaskRabbit investigates 'cybersecurity incident,' app taken down

Audrey McNeil audrey at riskbasedsecurity.com
Tue Apr 17 18:49:30 EDT 2018


https://www.msn.com/en-us/news/technology/taskrabbit-investigates-cybersecurity-incident-app-taken-down/ar-AAvXfnS


TaskRabbit is investigating a "cybersecurity incident," it told users.

TaskRabbit has a job for cybersecurity experts: find out what happened to
their own network.

The handyman-for-hire app, which connects workers with people who have a
task they'd rather pay someone else to do, sent an alert to its users on
Monday, informing them that they were "investigating a cybersecurity
incident."

The company, which Ikea acquired in September, said it's working with an
outside cybersecurity firm and law enforcement to figure out what happened.
While TaskRabbit is conducting its investigation, the app and the website
will temporarily be taken down, the email said.

"As an immediate precaution, if you used the same password on other sites
or apps as you did for TaskRabbit, we recommend you change those now,"
according to the email.

TaskRabbit did not specify how many people were affected by the incident,
or what information was lost.

"We regret any inconvenience this may cause our clients and Taskers, and
will reschedule any uncompleted tasks as soon as possible. For any Tasker
who had a task scheduled today and is unable to complete the task, we will
compensate them appropriately," a TaskRabbit representative said in an
emailed statement.

The app reportedly had more than 1.25 million users in 2015.

On Twitter, TaskRabbit users have sent complaints to the company, pointing
out that TaskRabbit's website redirected them to a WordPress page showing
the app's Github account.

"hello @TaskRabbit I don't believe this is your website but this is what I
get when I try to visit your website HELP pic.twitter.com/qSrEGEdA1q"

— some guy (@catalanawinemxr) April 16, 2018

"Task Rabbit phishing attack. Emails sent out pointing to website which,
for a time, revealed @TaskRabbit's private Github, daily transaction
volumes, key employee information. @TaskRabbit you need to look into this
right now. I believe my account has been compromised.
pic.twitter.com/RcT6WXhW6l"

— Sam Rad 👾 (@_sam_rad) April 16, 2018

TaskRabbit responded to users on Twitter, writing that it's "aware of the
technical issue and are on the case!"

The WordPress page, wh1ter0sem4v.wordpress.com, has since been taken down.
The URL is a reference to an episode title from the first season of "Mr.
Robot," a popular show about hackers.