The company later confirmed that it was a attack credential stuffing, where existing sets of exposed or compromised usernames and passwords are assigned to different sites for accessing accounts.
"We acted with great care and reset the passwords for many TaskRabbit accounts, including all users who were not logged in as of May 1, 2020, and all users who logged in at the time of the attack, although the activity is due to regular use of our services by them users", Said the spokesman.
"As always, the safety of the TaskRabbit community is our priority and we will continue to be vigilant about protecting our users' personal information. "
TaskRabbit customers were notified of the incident in a vague email stating that their password had recently been changed "as a security measure", but did not explain what led to this action.
It is not uncommon for companies to reset passwords after a security incident where customers or account information has been compromised or stolen.
TaskRabbit was founded in 2008 and has grown over time from a platform auction to negotiate tasks and issues in a more mature and tailored market to match clients with contractors. This finally caught the attention of furniture retailer IKEA, which bought the company in September 2017.
One year after its acquisition, however, TaskRabbit had to shut down the site and its application due to a "security incident in the cyberspace». The company later revealed that one intruder had gained unauthorized access to its systems.
Following the attack, the company said it was implementing several new security measures and would work to make the connection process more secure. It also said it would reduce the amount of data stored on its employees and customers, and "improve the overall cyber threat detection technology".