Handyman-for-hire app TaskRabbit has been hit with a possible data breach this week. The company announced on Monday that users' personal information may have been compromised after an unauthorized party managed to gain access to its systems in April. TaskRabbit temporarily took down its website and app that matches "clients" with "taskers" or errand-runners who perform freelance labor and handyman tasks such as cleaning, painting, moving, etc.
The company said it learned of the intrusion on April 12 and immediately hired an outside forensics firm to investigate the incident. It has also informed and is still working closely with law enforcement as well.
Compromised information possibly included names, usernames, passwords, dates of birth, Social Security numbers, bank account numbers and truncated payment card information. It is still unknown how and when the attack occurred, and how many taskers and clients were affected in the breach. Users whose Social Security numbers or bank account numbers were compromised have been offered 12 months of free credit monitoring and identity restoration services.
TaskRabbit said there is currently no evidence to suggest that users' personal data has been misused so far, but has advised individuals to change their TaskRabbit password as well as those for other sites, if they happened to use the same credentials on other websites and services. Users unable to complete tasks on April 16 will be rescheduled with the help of a separate team or compensated accordingly, the company stated.
“Our Taskers and Clients are the lifeblood of our business,” the company said. “We care deeply about our community and are committed to being a better neighbor. With our website and apps back online, we hope you will give us the opportunity to regain your trust.”
TaskRabbit users reported on Twitter that the organization's website was redirecting them to a WordPress page showing the app's Github account. The URL “wh1ter0sem4v.wordpress.com” is a reference to the popular hacking show “Mr. Robot” and has since been taken down.
Founded in 2008, TaskRabbit was acquired by popular furniture company Ikea last September and has been allowed to operate independently. In 2015, it reported having garnered more than 1.25 million users in 2015. However, this data breach has sounded an alarm for other companies and raised questions over their cybersecurity defenses and practices as they quickly gain popularity among users.
TaskRabbit said it is taking several steps to prevent similar incidents in the future.
"We identified and closed the point of entry used by the unauthorized party," the company said. "We conducted scans of our systems to identify and address other potential vulnerabilities. We also are working to implement additional measures to enhance the security of our systems following this incident, including evaluating our data retention practices to reduce the amount of data we hold and enhancing overall network cyber threat detection technology."
This incident comes after a series of data breaches that were revealed by popular retailers and customer-service based organizations such as Sears, Delta Air Lines, Saks Fifth Avenue, and Panera Bread this month. The data breach involving Sears, Delta Air lines and Panera Bread lead to customers credit card and personal details of their customers exposed. One of the major data breaches involving Saks Fifth Avenue led to 145 million american people personal details compromised.