What You Need to Know About the TaskRabbit Hack
Now that TaskRabbit is disabled due to a hack, you won’t be able to use this service to call someone to help you with your day to day task. But this is a slight annoyance compared to the looming elephant in the room: your account information could have been compromised.
TaskRabbit tweeted yesterday afternoon that it is temporarily disabling its service, but the company did not indicate what impact this might have on the security of user accounts. However, he encouraged everyone to change their passwords if they use the same login and password combination on other sites or services. This is not good.
His website currently provides the same information along with a short FAQ. Don’t bother flipping through his questions, because all the important information you want to know – for example, “what information has been compromised?” – simply returns stereotyped responses: “We are working with an external cybersecurity firm and law enforcement to identify specifics about the incident, and we will provide additional information when we can.”
Preparing for the Looming Security Challenge
As mentioned, the least you should do in response to TaskRabbit problems is to think about where else you use your TaskRabbit password on the internet – it’s easy enough to tell if you are storing your passwords on a third party service like LastPass or 1Password .
While you should use a unique password for every site and service that password managers can help you handle, let’s be honest: a lot of people use the same password (or passwords) in everything they do. So, when problems like this arise, you have to do a little work to maintain your online security.
In addition, we do not yet know if the TaskRabbit hack affected the credit card numbers – either the ones that you could have specified when paying for the task, or anything that you could save for a more convenient payment. TaskRabbit uses Braintree to process payments, so it is possible that any issues with TaskRabbit will not affect your bottom line. (We have an email at Braintree to see what they have to say about payment security, and we’ll let you know what we find.)
That said, now would be a great time to check out and see if your credit card issuer offers any transaction alerts you might want to turn on over the next week or so (if that’s not too annoying). If not, make a calendar reminder to review your credit card statement later this month (and possibly next month, too) to make sure there aren’t any strange payments that your card issuer hasn’t automatically flagged, for any reason …
If you work for Tasker, it is possible that even additional information was compromised as a result of this hack, including your bank account number and routing number , your home address and your date of birth. The same tip applies: until TaskRabbit confirms which financial data was leaked as a result of this hack, if any, just keep a close eye on any accounts you connect to the service over the next months or two. If you notice any discrepancy, please report it immediately to your bank or credit card company.
You can also take a few more serious steps to protect your life from potential identity theft, such as setting up fraud alerts. While I would recommend waiting until TaskRabbit shares more information, just so you don’t go through these security measures unnecessarily, it definitely doesn’t hurt to review your options. It’s a shame you can’t just hire someone to help you monitor your finances and online safety – at least not through TaskRabbit.