The help-for-hire service is investigating an incident in which users were redirected to a suspicious WordPress page.
UPDATED TaskRabbit is now back online four days after the incident was reported.
TaskRabbit has pulled its app while it investigates a ‘cybersecurity incident’, the company told users last night.
The app, which matches customers to DIY experts, suffered a cyber breach which saw an unknown number of users redirected to a WordPress page displaying TaskRabbit’s GitHub information.
Data such as the company’s private GitHub account details, daily transaction numbers and key employee information was apparently visible to customers visiting the website.
TaskRabbit, which was acquired by Ikea in September, told users to change their passwords as a precaution.
An email sent to consumers read: “As an immediate precaution, if you used the same password on other sites or apps as you did for TaskRabbit, we recommend you change those now.
“We regret any inconvenience this may cause our clients and Taskers, and will reschedule any uncompleted tasks as soon as possible.
“For any Tasker who had a task scheduled today and is unable to complete the task, we will compensate them appropriately.”
Specifics of what data was accessed and how security systems were breached has yet to be released.
But TaskRabbit, which boasts more than 1.25 million users, said it is looking into the incident.
The WordPress page – wh1ter0sem4v.wordpress.com – has since been taken down.
This article has been updated for clarity.