The news surfaced online as various customers took to social media to report receiving emails from TaskRabbit asking them to change their passwords. Some users even asked the company whether it had faced a data breach.
https://twitter.com/Artemu/status/1340806161382199304
- Artemu
https://twitter.com/innanetmatt/status/1341559419885088768
- innanetmatt
Certainly, the users weren’t wrong in asking such questions since TaskRabbit had previously suffered a breach in 2018.
I got the same email. Smells of data breach
— Henry Bennett (@islandwall) December 21, 2020
However, this time, it seems things weren’t so severe. According to TechCrunch, TaskRabbit reset customers’ passwords after a credential stuffing attack.
In such attacks, the attackers try to break into users’ accounts by testing known or breached username and password pairs against accounts on a target website.
We acted in an abundance of caution and reset passwords for many TaskRabbit accounts, including all users who had not logged in since May 1, 2020, as well as all users who logged in during the time period of the attack, even though most of the latter activity was attributable to users’ regular use of our services.
So, now, all users who have received that somewhat vague email from TaskRabbit should trust the email’s legitimacy. They should also make sure to set a unique password for their account, one they don’t use on any other account. This is especially important given the increase in cyber attacks due to password reuse.
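On the defender's side, credential stuffing as described above tends to show up in authentication logs as one source trying many different usernames with very few successes. The following is an added example, not TaskRabbit's code or method; the log format, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, assumed format: "timestamp source_ip username result"
SAMPLE_LOG = """\
2020-12-01T10:00:01Z 203.0.113.7 alice FAIL
2020-12-01T10:00:02Z 203.0.113.7 bob FAIL
2020-12-01T10:00:03Z 203.0.113.7 carol OK
2020-12-01T10:00:04Z 203.0.113.7 dave FAIL
2020-12-01T10:00:05Z 203.0.113.7 erin FAIL
2020-12-01T10:00:06Z 203.0.113.7 frank FAIL
2020-12-01T10:05:00Z 198.51.100.20 grace FAIL
2020-12-01T10:05:09Z 198.51.100.20 grace OK
2020-12-01T10:07:30Z 192.0.2.15 heidi OK
"""

def parse(log):
    """Yield (source_ip, username, succeeded) for each log line."""
    for line in log.strip().splitlines():
        _ts, ip, user, result = line.split()
        yield ip, user, result == "OK"

def detect_stuffing(log, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct usernames and mostly fail.

    Returns {source_ip: set of usernames that logged in successfully}.
    Thresholds are illustrative assumptions, not tuned values.
    """
    attempts = defaultdict(list)
    for ip, user, ok in parse(log):
        attempts[ip].append((user, ok))

    flagged = {}
    for ip, events in attempts.items():
        users = {u for u, _ in events}
        successes = {u for u, ok in events if ok}
        # A user mistyping a password hits one username; stuffing hits many.
        if len(users) >= min_users and len(successes) / len(users) <= max_success_ratio:
            flagged[ip] = successes
    return flagged

def accounts_to_reset(flagged):
    """Accounts with a successful login from a flagged source."""
    return sorted(set().union(*flagged.values()))

if __name__ == "__main__":
    hits = detect_stuffing(SAMPLE_LOG)
    print(hits, accounts_to_reset(hits))
```

Counting per source address misses attempts spread across many addresses, so a check like this is only one signal alongside overall failure-rate monitoring.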
Let us know your thoughts in the comments.