TaskRabbit, the handyman-for-hire app, just announced that their network had been hacked by cybercriminals, putting over 1.25 million Taskers at risk for having their personal and financial data stolen.
During the investigation, the app and website will temporarily be taken down while cybersecurity investigators and law enforcement determine what happened.
We wanted to alert you because we know many mystery shoppers like to use systems like TaskRabbit, Fiverr, and GigWalk. Some stores and brands will hire mystery shoppers to perform small tasks, like take a picture of a store or buy a sandwich, and upload the results to the client.
The mystery shoppers are then paid by the client, and the money is either placed into their app’s account or paid directly to their PayPal account. (Some apps may even let you connect directly to your bank account. We don’t suggest you do this.)
If you use TaskRabbit, or any other mystery shopping/task completion service, here are a few things you’ll want to do to protect yourself online (plus a few others in that link right there).
- Change your password. Among the things the criminals took were the usernames and passwords of all the accounts. So change your password immediately. And use something that’s easy for you to remember, but hard to figure out. Don’t worry about the whole *8)R83CRD[$3cuZGq kind of password. Pick a really long sentence that only you will remember — HotDogsArenNotedForTheirUnusualHistory — and write it down somewhere. You should be using passwords like this all the time anyway. And if you can swing it, get a password vault like 1Password (which runs on Mac and Windows), or KeePass (which is free and Windows-based), and you can save all these complex passwords without having to ever remember them.
- If you’re on TaskRabbit, disconnect your PayPal or bank account. We’re not sure if the criminals can get your credentials this way, but you don’t want to find out that they were able to drain your PayPal account. Change your PayPal password while you’re at it.
- Set up a CreditKarma.com account. If you’re on TaskRabbit, they may offer you a free year of credit monitoring from someone like Equifax or Experian (which is a problem in itself, since Experian was hacked last year). But Credit Karma is more thorough and can help you keep an eye out for unusual transactions. Take the free credit monitoring they offer, but just know that if the criminals have your account information now, they can use it two years from now, long after the credit monitoring has run out.
- Change your email password. The worst thing that can happen is that you lose control of your email account. A crook only has to change your email password, and then start visiting sites like your PayPal account or bank, click the Forgot My Password link and enter your (their) email address. Then they’ve got your new password and access to your account.
- Turn on Two-Factor Authentication wherever possible. Two-factor authentication (TFA) is an extra security step that sends a short code to your mobile phone. When you log into your Gmail, PayPal, or other important sites, you’ll be asked for that code, and you can’t proceed until you give it. At the same time, if you ever receive a TFA code on your mobile phone for no reason, you’ll know that someone tried to get into your account, but couldn’t without that code.
At Measure CP, we take every measure we can to protect our mystery shoppers from cyberattacks and criminal activity, and we’re sure TaskRabbit did too. But there are so many ways for criminals to break in that no one can ever be 100% safe. (You only have to look at the Experian and Target data breaches to know that. The Target breach was through a third-party contractor who fell victim to a phishing email.)
So practice good web security. Use complicated, but easy-to-remember passwords, or better yet, store them in a password vault. Change any and all passwords associated with TaskRabbit or any other site that has been hacked. And turn on two-factor authentication on your important accounts, like your primary email, your bank, and anywhere else you want that extra measure of protection.
Photo credit: TypographyImages (Pixabay, Creative Commons 0)