TaskRabbit has detected suspicious activity on its network and, in response, set in motion forced password resets for an unknown number of users.
According to the company, this is a preventative measure.
At a later point, confirmation came that the suspicious network activity in question was a credential stuffing attack.
This kind of attack involves trying existing login credentials (either breached or exposed) against different websites in an attempt to gain unauthorised access.
All users who logged in during the time of the attack or who have not logged in at all since 1st May 2020 are affected by this reset.
TaskRabbit’s official spokesperson said that the company emphasises protecting the personal information of its users and that vigilance remains a priority.
TaskRabbit’s customers were alerted to the incident via email, though the company’s explanation of the situation was somewhat vague.
In it, company officials claimed that the passwords had been changed recently as a security precaution.
However, the details regarding what prompted the account changes were left out.
In the email, TaskRabbit instructed its users to change their password via a special link after the next login.
As part of the instructions, customers were asked to use a unique combination of letters, special characters and numbers, to be used exclusively for their TaskRabbit account.
Concluding with an apology, the company assured its users that the measures taken were in the best interest of protecting their safety and security.
It is common practice for companies to reset their users’ passwords following a security incident.
Another example of this took place last year, when StockX, an online apparel marketplace, decided to reset its users’ passwords.
StockX originally cited system updates, but it later emerged that the reset followed the detection of suspicious network activity.