Jason Koebler
On the Clock is Motherboard's reporting on the organized labor movement, gig work, automation, and the future of work.
Advertisement
Advertisement
Schumann, the Shipt spokesperson, said that the majority of gig workers who received the email to reset their password were inactive shoppers or were brand new to the platform and hadn't shopped yet. "As a preventative measure, we temporarily deactivated those accounts recognizing that those individuals were less likely to be closely watching their accounts," said Schumann. "Shoppers who were disabled in this process can contact support teams to have their accounts reactivated."Shipt has been telling workers that they should turn on two-factor authentication and search the website haveibeenpwned.com to see if their emails have been part of any data breaches. There does not appear to be any sort of specific breach at Shipt. Based on what Shipt has said about the hacks, it seems that either workers are reusing login credentials that have been hacked from other services, or their email accounts are being hacked, which would allow hackers to change a target's Shipt password and login to their account. Motherboard has seen posts on hacking forums that claim to have made "config" files for Shipt accounts, which would allow hackers to churn through a large number of login credentials quickly. There is no evidence to show that this is how this current wave of hacks happened, but shows that hackers are interested in targeting Shipt shoppers.Do you have a tip about the gig economy? We’d love to hear from you. Please get in touch with the the reporter Lauren at lauren.gurley@vice.com or privately on Signal 201-897-2109.
Advertisement
Advertisement