TaskRabbit, the freelance jobs website which was purchased by Ikea in 2017, recently suffered a breach that resulted in a temporary shutdown, Ikea has confirmed.
TaskRabbit’s website is yet to be restored but features a statement from Ikea that seeks to reassure website visitors and freelancers that a ‘cyber security incident’ is being investigated with the help of an outside cyber security firm.
Incidentally, the hack took place just a month after the website went live in Birmingham and Manchester, having launched in Wembley and Bristol a few months ago.
“TaskRabbit is currently investigating a cyber security incident. We understand how important your personal information is and are working with an outside cybersecurity firm and law enforcement to determine the specifics. The app and the website are offline while our team works on this.
“We will be back in contact with you with more information once we have it. As an immediate precaution, if you used the same password on other sites or apps as you did for TaskRabbit, we recommend you change those now.
“Thank you for your patience while we investigate the issue and for being such an important part of our community,” read Ikea’s statement. The Information Commissioner’s Office is aware of the “cyber security incident” and is looking into the situation.
While the statement is quite vague about when the hack took place, whether any personal information was stolen by hackers, and how long it took the firm to discover the incident, the wording does imply that certain personal information may have been breached.
“The TaskRabbit hack is an unfortunate reminder of why phishing is a popular attack method as it targets human naivety. Individuals must show extreme caution to all links and attachments sent to them and have the mindset that if it looks too good to be true, then avoid it at all costs,” says Paul Edon, director at Tripwire.
“Organisations also have a role to play in reducing the threat posed by such attacks. Take a proactive step by implementing security services that offer anti-phishing services as well as introducing training for employees to understand the consequences of clicking unknown emails.
“Hackers are constantly developing new tricks to dupe unsuspecting users, so organisations must adopt a pro-active stance to help reduce the threat,” he adds.
“This is an indication of how comprehensively nefarious actors can interfere with business functions – and potentially harm users. To take control of a website and expose such trusted resources as TaskRabbit’s GitHub repository, as well as daily transaction volumes and information regarding employees, the threat actors must have had comprehensive access to the network,” says Tim Helming, director of product management at DomainTools.
“While we don’t yet know the specifics of how this attack unfolded, it is a good reminder of the importance of practices such as least-privilege access controls, robust network segmentation, and strong phishing controls. Organizations need to take cybersecurity seriously, particularly when it could affect the livelihood, reputation and privacy of both employees and service users,” he adds.