BREAKING: Task Rabbit, LocalBlox, latest to acknowledge data breach incidents

Apr 18, 2018, 15:20 PM by Nuvision Credit Union  

Data Breach
Task Rabbit, the online marketplace that connects freelance labor with those who need handyman services, announced on April 16 that a hacker gained access to the data of potentially millions of customers. In addition, the data firm LocalBlox, which aggregates data from sites and social networks like Facebook and LinkedIn, “left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password.”

Task Rabbit “cybersecurity incident”

Task Rabbit is part of the furniture chain IKEA, which said it was investigating a “cybersecurity incident.”

The company didn’t disclose the number of users affected or what data may have been exposed or stolen. However, it’s website and app remain offline as of 9:30 a.m. on Wednesday, April 18. The Task Rabbit website included a message that “if you used the same password on other sites or apps as you did for TaskRabbit, we recommend you change those now.”

Task Rabbit

When changing your password, Nuvision recommends you consider the following:

  • Are any of your passwords less than 12 characters?
  • Do any of your passwords contain real words (colors, animals, or phrases), patterns (34567 or qwerty), or identifiable characteristics (names, locations, or dates)?
  • Do you use the same password for multiple accounts?

Read about 5 Steps to Create Strong, Unique and Readily Accessible Passwords.

LocalBlox exposed 48 million records

LocalBlox is a little known data firm that, according to ZDNet, “has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow … to produce profiles.” It does this “without the users' knowledge or consent.”

Cybersecurity firm UpGuard reported:

The UpGuard Cyber Risk Team can now confirm that a cloud storage repository containing information belonging to LocalBlox, a personal and business data search service, was left publicly accessible, exposing 48 million records of detailed personal information on tens of millions of individuals, gathered and scraped from multiple sources.

These leaks follow on the heels of recent cybersecurity incidents, such as the Facebook and Cambridge Analytica scandal, the Sears, Kmart, and Delta Air credit card exposure, and the Panera Bread, Saks, Lord & Taylor, and Under Armour MyFitnessPal data breaches.

Stay connected

To stay on top of Nuvision alerts and information related to the risks of fraud and identity theft, financial and data protection, and cybersecurity, check our Fraud Protection blog or follow Nuvision on Facebook and Twitter to receive updates when new articles are published.