Does TaskRabbit get hacked every 2 years?
TaskRabbit sent me an email they reset my password "out of an abundance of caution to protect your account". I assume this means they got hacked, and this is the weaselly corporate way of dealing with it without admitting anything. So I checked Google for any recent news about the hack. Didn't see anything (yet) but found articles from Dec 2020[1] and Apr 2018[2].
They have my payment info on file and there is no way to delete it. You can only change it to a different credit card.
[1]https://techcrunch.com/2020/12/22/taskrabbit-resets-passwords-suspicious-activity-network/
[2]https://lifehacker.com/what-you-need-to-know-about-the-taskrabbit-hack-1825319011
5 comments
[ 2.9 ms ] story [ 19.3 ms ] threadJust from a question standpoint of the general approach companies take in situations like this, do you think there should be repercussion from a legal standpoint when it comes to the compromising of user data that a company didn't adequately protect. I believe their are standard approach to protecting user data, which can result in standardization of security as it pertains to online companies.
What are your thoughts, not to hijack your question, but as a side inquiry into frequency of rabbit being hacked?
No, I don't. If you make a "legal penalty to being hacked" you reduce incentives for companies to admit it happened.
Like in this case they might have had a hack. Or they might not. But perhaps someone decides its better to be safe than sorry. But then legal steps in - no, you can't do that, it implies illegal activity.
Then there's "adequate protection". According to what standard? On what time scale? Which court has juristriction? Are you happy for the standard to be written in Europe? But applied in the US? What about multi-nationals? Security is a process, not an event. There are best practices, not" standards" - and those best practices change all the time.
And you can adhere to all the best practices, but suffer a breach because of social engineering, or a malicious employee etc.
Hacking is a part of society. Use unique, long, strong passwords. Assume all accounts will be hacked. Trying to make companies criminally liable won't fix the problem.
Regarding civil claims - they're already liable in the sense that you can sue anyone for anything (in the US anyway). If you can show damages, and convince a jury, then you're golden.
The one with the best UI is Privacy.com. It's free but it has to link to a debit card, not a credit card.
If you need a virtual card linked to a credit card, look at PayPal or Click to Pay.