If you’ve ever used TaskRabbit, start changing your passwords.
That’s the advice the odd-jobbing company gave out Monday afternoon as it took its own website and app offline to investigate a security incident. As of Tuesday morning, the site was still down.
TaskRabbit allows users to offer or employ services like dog walking, home maintenance, and errand-running. It operates in 40 U.S. cities and in London. Ikea bought the company in September for an undisclosed sum.
Here’s what we know.
The incident first appeared to be a technical glitch that redirected users to a WordPress site when they tried to visit TaskRabbit.
Another Twitter user indicated she landed on the site after receiving a link in what she believes was a phishing email. Beyond that, the company hasn’t provided much information about how the attacker got in, who perpetrated the attack, or what information may have been stolen, though it has promised to provide more information when it can.
How is TaskRabbit addressing this issue?
The company is working with cybersecurity experts and law enforcement to determine the specifics of the incident. They’ve promised to keep account holders up to date throughout the process.
What can users do to protect themselves?
The company is advising users to change their password on any account for which they use the same password they use on TaskRabbit, which is a good practice anyway. Beyond that, there isn’t much to do except wait. TaskRabbit has said they’ll get in touch with individual users as they learn more about whose account was hacked and what information might have been compromised.
What about all the un-tasked tasks?
Once the site is up and running, TaskRabbit will work with clients and “Taskers” to reschedule any work that was affected by the outage, including compensation for some Taskers.