Zack Whittaker

Zack Whittaker

Security editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

He can also be reached by email: zack.whittaker@techcrunch.com.

The Latest from Zack Whittaker

Marriott now lets you check if you’re a victim of the Starwood hack

Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack. The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to loo

Even years later, Twitter doesn’t delete your direct messages

When does "delete" really mean delete? Not always, or even at all, if you're Twitter.

Hacker who stole 620 million records strikes again, stealing 127 million more

A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned. The hacker, whose listing was the previou

Reddit says government data requests more than doubled in 2018

Reddit has said the number of government requests for user data more than doubled in 2018 than on the previous year. The news and content sharing site said in its latest transparency report, posted We

DOJ charges former US Air Force officer with spying for Iran

Prosecutors have brought charges against a former Air Force officer for allegedly spying for Iran, the Justice Department confirmed Wednesday. Monica Witt, a former Air Force counter-intelligence offi

What Amazon’s purchase of Eero means for your privacy

In case you hadn’t seen, Amazon is buying router maker Eero. And in case you hadn’t heard, people are pretty angry. Deluged in a swarm of angry tweets and social media posts, many have tak

Lenovo Watch X was riddled with security bugs, researcher says

Lenovo’s Watch X was widely panned as “absolutely terrible.” As it turns out, so was its security. The low-end $50 smartwatch was one of Lenovo’s cheapest smartwatches. Availa

Users complain of account hacks, but OkCupid denies a data breach

It’s bad enough that dating sites are a pit of exaggerations and inevitable disappointment, they’re also a hot target for hackers. Dating sites aren’t considered the goldmine of pers

Internet-connected industrial refrigerators can be remotely defrosted, thanks to default passwords

Security researchers have found thousands of individually exposed internet-connected industrial refrigerators that can be easily remotely instructed to defrost. The vulnerable temperature controlled

Apple tells app developers to disclose or remove screen recording code

Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the app store

Apple to compensate teenager who found Group FaceTime eavesdrop bug

Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up. The bug was initially reported to Apple b

Segmented security startup Illumio raises $65M in Series E round

Illumio has raised $65 million in its latest round of funding, the security startup has confirmed. The news comes just weeks after the company was expected to announce a $50 million Series E round, bu

Many popular iPhone apps secretly record your screen without asking

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need

Justice Department: No evidence of vote hacking during 2018 election

There is “no evidence to date” that any foreign government had a material impact on voting machines or infrastructure during the 2018 midterm elections, according to a new classified repor

Bots are cheap and effective. One startup trolls them into going away

Bots are ruining the internet. When they’re not pummeling a website with usernames and passwords from a long list of stolen credentials, they’re scraping the price of hotels or train ticke

Everything you need to know about Facebook, Google’s app scandal

Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a da

Apple fixes FaceTime eavesdrop bug, with software update incoming

Three days after Apple pulled its new Group FaceTime feature offline after users found they could eavesdrop on people before accepting a call, the company says it has fixed the bug on its end. “We h

Indian state government leaks thousands of Aadhaar numbers

A lapse in security has led to the leaking of more than 100,000 Aadhaar numbers, TechCrunch can reveal. One of the web systems used to record attendance of government workers for the Indian state of J

Amazon’s barely-transparent transparency report somehow gets more opaque

Amazon posted its bi-annual report Thursday detailing the number of government data demands it receives. The numbers themselves are unremarkable, neither spiking nor falling in the second-half of la

Apple restores Google’s internal iOS apps after certificate misuse punishment

Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates. “We’re working
Load More