TaskRabbit is Back Online After Suspected Data Breach With Plans to Bolster Security

We may earn a commission from links on this page.

TaskRabbit, the handyman-for-hire app, is back online after being intentionally taken down on Monday following an apparent data breach.

“While our investigation is ongoing, preliminary evidence shows that an unauthorized user gained access to our systems,” the company said. “As a result, certain personally identifiable information may have been compromised.”

Founded in 2008, TaskRabbit is an online and mobile marketplace that matches “clients” with “taskers,” or people who’ll perform freelance labor, such as moving, cleaning, painting, and other general handyman tasks.


The San Francisco-based company began alerting users to a potential “cybersecurity incident” on Monday. It then immediately pulled its app and website offline in an effort to safeguard its users from further potential harm.

The company has not said precisely how the breach occurred, what information specifically may have been taken, or how long the alleged intruder had access to the material. However, the company said it has hired an outside forensics team and plans to continue offering updates.


“This is not the last time you will hear from us,” said Stacy Brown-Philpot, TaskRabbit’s chief executive, who said the company had been working “around the clock” over the past few days to investigate the matter and get its service back online.

“Our Taskers and Clients are the lifeblood of our business,” she said. “We care deeply about our community and are committed to being a better neighbor. With our website and apps back online, we hope you will give us the opportunity to regain your trust.”


As an immediate precaution, clients and taskers have been advised to change passwords and monitor their accounts for any suspicious activity. Anyone who uses their TaskRabbit password on other websites and apps should change them there as well.

In response to the apparent breach, the company said additionally that it is assessing ways to make its login process more secure, evaluating its data retention practices, and enhancing its network threat detection technology.