TaskRabbit

On Monday, April 16, a user of the online freelance marketplace TaskRabbit reported via her Twitter account that she had identified a phishing attack targeting TaskRabbit users along with a website that appeared to reveal TaskRabbit’s private GitHub account, daily transaction volumes, and key employee information. After disclosing these findings to the company, the TaskRabbit service was taken offline while an investigation into the incident took place. On April 17, TaskRabbit posted an account security update on its website to update its users on the status of the investigation. The NJCCIC recommends all TaskRabbit account holders who use the same login credentials for other online accounts proactively change those credentials and enable two-factor authentication (2FA) on any account that offers it to prevent additional account compromise.