TaskRabbit has reset an unknown number of customer passwords after confirming it detected “suspicious activity” on its network.
The IKEA -owned online marketplace for on-demand labor said it reset user passwords out of an abundance of caution and that it “took steps to prevent access to any user accounts,” a TaskRabbit spokesperson told TechCrunch.
The company later confirmed it was a credential stuffing attack, where existing sets of exposed or breached usernames and passwords are matched against different websites to access accounts.
“We acted in an abundance of caution and reset passwords for many TaskRabbit accounts, including all users who had not logged in since May 1, 2020, as well as all users who logged in during the time period of the attack, even though most of the latter activity was attributable to users’ regular use of our services,” the spokesperson said.
“As always, the safety and security of the TaskRabbit community is our priority, and we will continue to be vigilant about protecting our users’ personal information,” said the spokesperson.
TaskRabbit customers were alerted to the incident in a vague email that only noted their password had been recently changed “as a security precaution,” without saying what specifically prompted the account change. TechCrunch confirmed that the email was legitimate.
The password reset email sent to TaskRabbit customers. (Image: Sarah Perez/TechCrunch)
It’s not uncommon for companies to reset passwords after a security incident where customer or account information is accessed or stolen in a breach.
Last year, online apparel marketplace StockX reset customer passwords after initially citing “system updates,” but later admitted it took action after it found suspicious activity on its network. Days later, a hacker provided TechCrunch with 6.8 million StockX account records stolen from the company’s servers.
TaskRabbit’s freelance labor marketplace was founded in 2008, and grew over time from an auction-style platform for negotiating tasks and errands to a more mature and tailored marketplace to match customers with contractors. That eventually attracted the attention of furniture retailer IKEA, which bought the startup in September 2017 after TaskRabbit put itself on the market for a strategic buyer.
The year after the acquisition, however, TaskRabbit had to take its website and app down due to a “cybersecurity incident.” The company later revealed an attacker had gained unauthorized access to its systems. Then-TaskRabbit CEO Stacy Brown-Philpot said the company had contracted with an outside forensics team to identify what customer information had been compromised by the attack, and urged both users and providers to stay vigilant in monitoring their own accounts for suspicious activity.
Following the attack, the company said it was implementing several new security measures and would work on making the log-in process more secure. It also said it would reduce the amount of data retained about taskers and customers as well as “enhance overall network cyber threat detection technology.”
Updated with additional comment from TaskRabbit.
AWS today opened its re:Invent conference with a surprise announcement: the company is bringing the Mac mini to its cloud. These new EC2 Mac instances, as AWS calls them, are now available in preview. They won’t come cheap, though.
The target audience here — and the only one AWS is targeting for now — is developers who want cloud-based build and testing environments for their Mac and iOS apps. But it’s worth noting that with remote access, you get a fully-featured Mac mini in the cloud, and I’m sure developers will find all kinds of other use cases for this as well.
Given the recent launch of the M1 Mac minis, it’s worth pointing out that the hardware AWS is using — at least for the time being — are i7 machines with six physical and 12 logical cores and 32 GB of memory. Using the Mac’s built-in networking options, AWS connects them to its Nitro System for fast network and storage access. This means you’ll also be able to attach AWS block storage to these instances, for example.
Unsurprisingly, the AWS team is also working on bringing Apple’s new M1 Mac minis into its data centers. The current plan is to roll this out “early next year,” AWS tells me, and definitely within the first half of 2021. Both AWS and Apple believe that the need for Intel-powered machines won’t go away anytime soon, though, especially given that a lot of developers will want to continue to run their tests on Intel machines for the foreseeable future.
David Brown, AWS’s vice president of EC2, tells me that these are completely unmodified Mac minis. AWS only turned off Wi-Fi and Bluetooth. It helps, Brown said, that the minis fit nicely into a 1U rack.
“You can’t really stack them on shelves — you want to put them in some sort of service sled [and] it fits very well into a service sled and then our cards and all the various things we have to worry about, from an integration point of view, fit around it and just plug into the Mac mini through the ports that it provides,” Brown explained. He admitted that this was obviously a new challenge for AWS. The only way to offer this kind of service is to use Apple’s hardware, after all.
It’s also worth noting that AWS is not virtualizing the hardware. What you’re getting here is full access to your own device that you’re not sharing with anybody else. “We wanted to make sure that we support the Mac Mini that you would get if you went to the Apple store and you bought a Mac mini,” Brown said.
Unlike with other EC2 instances, whenever you spin up a new Mac instance, you have to pre-pay for the first 24 hours to get started. After those first 24 hours, prices are by the second, just like with any other instance type AWS offers today.
AWS will charge $1.083 per hour, billed by the second. That’s just under $26 to spin up a machine and run it for 24 hours. That’s quite a lot more than what some of the small Mac mini cloud providers are charging (we’re generally talking about $60 or less per month for their entry-level offerings and around two to three times as much for a comparable i7 machine with 32GB of RAM).
Until now, Mac mini hosting was a small niche in the hosting market, though it has its fair number of players, with the likes of MacStadium, MacinCloud, MacWeb and Mac Mini Vault vying for their share of the market.
With this new offering from AWS, they are now facing a formidable competitor, though they can still compete on price. AWS, however, argues that it can give developers access to all of the additional cloud services in its portfolio, which sets it apart from all of the smaller players.
“The speed that things happen at [other Mac mini cloud providers] and the granularity that you can use those services at is not as fine as you get with a large cloud provider like AWS,” Brown said. “So if you want to launch a machine, it takes a few days to provision and somebody puts a machine in a rack for you and gives you an IP address to get to it and you manage the OS. And normally, you’re paying for at least a month — or a longer period of time to get a discount. What we’ve done is you can literally launch these machines in minutes and have a working machine available to you. If you decide you want 100 of them, 500 of them, you just ask us for that and we’ll make them available. The other thing is the ecosystem. All those other 200-plus AWS services that you’re now able to utilize together with the Mac mini is the other big difference.”
Brown also stressed that Amazon makes it easy for developers to use different machine images, with the company currently offering images for macOS Mojave and Catalina, with Big Sure support coming “at some point in the future.” And developers can obviously create their own images with all of the software they need so they can reuse them whenever they spin up a new machine.
“Pretty much every one of our customers today has some need to support an Apple product and the Apple ecosystem, whether it’s iPhone, iPad or Apple TV, whatever it might be. They’re looking for that bold use case,” Brown said. “And so the problem we’ve really been focused on solving is customers that say, ‘hey, I’ve moved all my server-side workloads to AWS, I’d love to be able to move some of these build workflows, because I still have some Mac minis in a data center or in my office that I have to maintain. I’d love that just to be on AWS.’ ”
AWS’s marquee launch customers for the new service are Intuit, Ring and mobile camera app FiLMiC.
“EC2 Mac instances, with their familiar EC2 interfaces and APIs, have enabled us to seamlessly migrate our existing iOS and macOS build-and-test pipelines to AWS, further improving developer productivity,” said Pratik Wadher, vice president of Product Development at Intuit. “We‘re experiencing up to 30% better performance over our data center infrastructure, thanks to elastic capacity expansion, and a high availability setup leveraging multiple zones. We’re now running around 80% of our production builds on EC2 Mac instances, and are excited to see what the future holds for AWS innovation in this space.”
The new Mac instances are now available in a number of AWS regions. These include US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland) and Asia Pacific (Singapore), with other regions to follow soon.
Call it a holiday miracle. Apple today announced that animated holiday classics “A Charlie Brown Thanksgiving” and “A Charlie Brown Christmas” will, indeed, be appearing on television this year. The news comes after some pushback against an Apple TV+ exclusive that found the Peanuts cartoons being pulled from TV broadcast.
As we noted last month, the deal would mark the first time in 55 years the beloved Christmas special wouldn’t be broadcast on network television. Both holiday specials appeared to be resolved to a similar fate as the 1966 Halloween special, “It’s the Great Pumpkin, Charlie Brown.”
While Apple’s rights had a clause that involved a window for free broadcast, it was hard to shake the feeling that relegating a holiday tradition to a premium subscription service flew in the face of the original special’s staunch, anti-consumer message.
Thankfully, in addition to appearing on TV+, “A Charlie Brown Thanksgiving” will appear on PBS and PBS on November 22, 2020 at 7:30 pm local time/6:30 pm CT, while “A Charlie Brown Christmas” will air on December 13, 2020 at 7:30 pm local time/6:30 pm CT.
It’s a small victory, perhaps, but these days we’ll take them where we can get them. And this time without ads.