Exploit: Credential Stuffing
TaskRabbit: Microlabor Marketplace
Risk to Small Business: 2.803 = Moderate
Users of the Boston-based gig work platform TaskRabbit were surprised to get forced password reset notices when they logged in over the weekend. The company says it stopped a credential stuffing attack and did not suffer a breach or intrusion, but is having users reset their passwords “out of an abundance of caution”. The incident is still under investigation.
Individual Risk: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Credential stuffing attacks can be devastating. In this case, TaskRabbit got lucky, but they may not be as fortunate next time.