TaskRabbit, a company that connects "Taskers" willing to do odd jobs with "Clients" who need those jobs done, brought its app and website back online after an unspecified "cybersecurity incident." The company hasn't said what information may have been compromised by the incident, but it did say that everyone who uses its platform should look out for suspicious activity and make sure their passwords aren't used elsewhere.
Details about the incident are sparse so far. TaskRabbit said in an email to users that "preliminary evidence shows that an unauthorized user gained access to our systems" and that "certain personally identifiable information may have been compromised" as a result. It's not clear if the company suspects it knows who accessed the systems, what data was accessible, or what type of personal information TaskRabbit collects from its users.
It's important to note that breaches affecting TaskRabbit and other "gig economy" companies like Uber can be wider-reaching than other service providers. That's because these companies don't have employees who do menial tasks or drive people around--they merely serve as middlemen between people willing to do the work and people willing to pay for it. Both sides of the transaction have to share information with the companies.
TaskRabbit said it's planning to mitigate that risk by taking the following steps:
- Examining ways to make our login processes more secure;
- Evaluating our data retention practices to reduce the amount of data we hold on Taskers and Clients, where appropriate; and
- Enhancing overall network cyber threat detection technology
The company did not offer a timeline for when it expects to make those changes, or what exactly they will entail. Note that TaskRabbit didn't promise much with those goals--it's merely "examining" and "evaluating" ways to make login processes more secure and reduce the amount of data it holds. Those are lofty goals, but the company wouldn't have to do much before it can mark that task as complete and continue going about its business.
TaskRabbit said that all previously scheduled tasks will be completed as expected. It's also "working with an outside cybersecurity firm and law enforcement to determine specifics of the incident" and plans to notify everyone who was affected by the data breach as soon as the investigation concludes. Updates about the investigation and its ramifications will be posted to a dedicated page on the TaskRabbit website.