TaskRabbit homepage

TaskRabbit, a web-based service that connects freelance handymen with clients in various local US markets, has emailed customers admitting it suffered a security breach.

The company has taken down its app and website while law enforcement and a private cyber-security firm are investigating the incident.

The hack appears to have taken place earlier today —US timezones— when users started posting on Twitter images showing defacements of some TaskRabit pages.

While the company did not initially admit it was hacked, it did send an email later in the day to its users.

"TaskRabbit is currently investigating a cybersecurity incident," the email stated. "We understand how important your personal information is and are working with an outside cybersecurity firm and law enforcement to determine the specific. In the meantime the app and the website are offline while our team works on this."

"As an immediate precaution, if you used the same password on other sites or apps as you did for TaskRabbit, we recommend you change those now."

It is unclear the extent of the security breach, if the attacker accessed user details, customers' financial data, or if he only defaced the site and left without touching anything else. We will update the story with more details when they become available.

UPDATE [April 18]: The TaskRabbit website is back up, along with a message from the company's CEO stating that " certain personally identifiable information may have been compromised" during this week's incident, but without providing any other details.

UPDATE [May 16]: In a data breach notification letter submitted to the Office of the Attorney General for the state of California, TaskRabbit admitted some truncated payment card data was stolen.

Related Articles:

California Voter Database Compromised in MongoDB Incident

Reddit Announces Security Breach After Hackers Bypassed Staff's 2FA

Timehop Security Breach Affects the Company’s Entire 21 Million Userbase

Macy’s Locks Small Number of Accounts Following Suspicious Logins, Fraud Reports

Ticketmaster Announces Data Breach Affecting 5% of All Users