“This attack happened because the TaskRabbit data is an interesting and valuable asset. Attacks of this nature are attempted when there is a potential gain for the attacker, in this case to monetize any personal information that can be obtained. All web applications are vulnerable; it’s only a matter of how much effort the attacker is required to expend. It’s really an economic problem where the payback has to be larger than the expended effort.
Any public-facing web application that holds large amounts of personal information should have a comprehensive application security testing program in place to assess the application, its data stores, the infrastructure on which it runs, and the users assigned to manage and operate the overall system. Any weaknesses should be remediated in a prioritized way so that the potential for attack is reduced to the lowest possible level and maintained there. The focus should be on the economic equation, where the effort required to compromise the system is much greater than the value of any stolen information,” says Bob Egner, VP at Outpost24.