Ikea's freelance labor marketplace TaskRabbit temporarily shut down its app and website amid an investigation of a "cyber-security incident."
The task-for-hire service also urged customers to change their passwords if they had reused their TaskRabbit credentials on other sites, and said it is working with an outside cybersecurity firm and has notified law enforcement, according to a message attached to an April 16 tweet.
"We will update affected individuals as more information becomes available," the company said in the statement.
It is unclear how many users were affected or how threat actors compromised the system. Paul Edon, director at Tripwire, told SC Media the attack is a reminder of why phishing is a popular attack method.
“Individuals must show extreme caution to all links and attachments sent to them and have the mindset that if it looks too good to be true, then avoid it at all costs,” Edon said. “Organisations also have a role to play in reducing the threat posed by such attacks.”
He went on to say hackers are constantly developing new tricks to dupe unsuspecting users and that organizations must adopt a proactive stance to help reduce the threat.
The incident is also a warning for companies. Rob Tate, a security researcher at WhiteHat Security, told SC Media the incident highlights how important it is for companies to frequently update their apps, especially when acquiring new companies, as was the case with Ikea buying TaskRabbit.
“TaskRabbit is a great example of how small businesses can thrive thanks to the popularity and widespread use of apps in today's modern world, and consumers can find services in just a few clicks,” Tate said. “To stay ahead of the game in terms of usability and enhanced features, apps are continuously being updated.”
He went on to say that it's critical that the company being acquired take the proper measures to build security into their development practice and that due diligence on the security of acquisitions of big software programs or cloud services be done.
A TaskRabbit spokesperson sent the following statement to SC Media.
"While our investigation is ongoing, preliminary evidence shows that an unauthorized user gained access to our systems. As a result, certain personally identifiable information may have been compromised. We have an outside forensics team working diligently to determine what information may have been compromised, and we will notify every affected individual."
UPDATE: This article has been updated to include comments from TaskRabbit.