Odd-job marketplace TaskRabbit has taken its website offline and urged users to change any online passwords reused on the platform after a suspected breach.
The IKEA-owned firm posted a brief statement on the holding page, claiming it is investigating a “cybersecurity incident.”
“Our entire team is working around the clock with an outside cybersecurity firm and law enforcement to determine the specifics. The app and the website are offline while our team works on this. In the interim, we have dispatched a large team to work with Taskers and clients via phone to help them schedule and complete pending tasks,” it said.
“We’re working to get the site back online as quickly as possible and continuing our investigation into the incident. We will be back in contact with you with more information once we have it. As an immediate precaution, if you used the same password on other sites or apps as you did for TaskRabbit, we recommend you change those now.”
The final piece of advice would seem to suggest that at least some log-ins have been compromised as a result of the “incident.”
Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, claimed that taking its site offline threatens the firm’s brand, but that it was probably the right approach.
"If the company had continued to process sensitive information such as card data while vulnerability was open, the cost could have been far greater,” she added. “Stopping business temporarily is sometimes the best option, and is certainly a far better approach than that taken by Equifax, for example, which continued operation in spite of a vulnerability."
Last week, UK train company Great Western Rail was forced to reset passwords for one million accounts after a small number, around 1000, were accessed by unauthorized parties.