News and Updates on Information Technology

United States – TaskRabbit

Exploit: Credential Stuffing
TaskRabbit: Microlabor Marketplace

Risk to Small Business: 2.803 = Moderate

Users of the Boston-based gig work platform TaskRabbit were surprised to get forced password reset notices when they logged in over the weekend. The company says it stopped a credential stuffing attack and did not suffer a breach or intrusion, but is having users reset their passwords “out of an abundance of caution”. The incident is still under investigation.

Individual Risk: No personal data was reported as exposed in the incident at this time, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing attacks can be devastating. In this case, TaskRabbit got lucky, but they may not be as fortunate next time.