Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com and zack.whittaker@protonmail.com

The Latest from Zack Whittaker

A security bug in Google’s Android app put users’ data at risk

Until recently, Google’s namesake Android app, which has more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a vi

Supreme Court revives LinkedIn case to protect user data from web scrapers

The Supreme Court has given LinkedIn another chance to stop a rival company from scraping personal information from users’ public profiles, a practice LinkedIn says should be illegal but one tha

Google will let enterprises store their Google Workspace encryption keys

As ubiquitous as Google Docs has become in the last year alone, a major criticism often overlooked by the countless workplaces that use it is that it isn’t end-to-end encrypted, allowing Google

Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ details

Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet. The car maker said in a letter that the

Security flaws found in Samsung’s stock mobile apps

A mobile security startup has found seven security flaws in Samsung’s pre-installed mobile apps, which it says if abused could have allowed attackers broad access to a victim’s personal da

Ring refuses to say how many users had video footage obtained by police

Ring gets a lot of criticism, not just for its massive surveillance network of home video doorbells and its problematic privacy and security practices, but also for giving that doorbell footage to law

CISA launches platform to let hackers report security bugs to US federal agencies

The Cybersecurity and Infrastructure Security Agency has launched a vulnerability disclosure program allowing ethical hackers to report security flaws to federal agencies. The platform, launched with

Apple unveils new iOS 15 privacy features at WWDC

Apple kicked off its global annual developer conference, WWDC, with a ton of new features and technologies. TechCrunch has all the coverage here from the keynote. As with previous years, Apple has dro

Supreme Court limits US hacking law in landmark CFAA ruling

The Supreme Court has ruled that a police officer who searched a license plate database for an acquaintance in exchange for cash did not violate U.S. hacking laws. The landmark ruling concludes a long

FireEye to sell products unit to Symphony-led group for $1.2B

Cybersecurity giant FireEye has agreed to sell its products business to a consortium led by private equity firm Symphony Technology Group for $1.2 billion. The all-cash deal will split FireEye, the ma

Peloton and Echelon profile photo metadata exposed riders’ real-world locations

Security researchers say at-home exercise giant Peloton and its closest rival Echelon were not stripping user-uploaded profile photos of their metadata, in some cases exposing users’ real-world

Skiff, an end-to-end encrypted alternative to Google Docs, raises $3.7M seed

Imagine if Google Docs was end-to-end encrypted so that not even Google could access your documents. That’s Skiff, in a nutshell. Skiff is a document editor with a similar look and feel to Googl

Zocdoc says ‘programming errors’¬†exposed access to patients’ data

Zocdoc says it has fixed a bug that allowed current and former staff at doctor’s offices and dental practices to access patient data because their user accounts weren’t properly decommissi

Malware caught using a macOS zero-day to secretly take screenshots

Almost exactly a month ago, researchers revealed a notorious malware family was exploiting a never-before-seen vulnerability that let it bypass macOS security defenses and run unimpeded. Now, some of

US towns are buying Chinese surveillance tech tied to Uighur abuses

This story was reported in partnership with video surveillance news site IPVM. At least a hundred U.S. counties, towns and cities have bought China-made surveillance systems that the U.S. government h

So long, Internet Explorer, and your decades of security bugs

Pour one out for Internet Explorer, the long-enduring internet browser that’s been the butt of countless jokes about its speed, reliability and, probably most notable of all, security, which wil

Echelon exposed riders’ account data, thanks to a leaky API

Peloton wasn’t the only at-home workout giant exposing private account data. Rival exercise giant Echelon also had a leaky API that let virtually anyone access riders’ account information.

Short seller says Lemonade website bug exposed insurance customers’ account data

An activist short seller has written a letter to the chief executive of insurance giant Lemonade with details of an “accidentally discovered” security flaw that exposes customers’ ac

Peloton’s leaky API let anyone grab riders’ private account data

Halfway through my Monday afternoon workout last week, I got a message from a security researcher with a screenshot of my Peloton account data. My Peloton profile is set to private and my friend&#8217

What3Words sent a legal threat to a security researcher for sharing an open-source alternative

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Wor
Load More