Zack Whittaker

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com.

The Latest from Zack Whittaker

New York attorney general orders stalkerware maker to notify hacked victims

A New York-based spyware maker has agreed to notify the individuals whose phones were compromised by its mobile surveillance software, following a deal with the New York attorney general’s offic

FTC slaps $1.5M fine on GoodRx for sharing users’ health data with Facebook and Google

Online pharmacy GoodRx has agreed to pay $1.5 million in civil penalties for years of sharing the health information of consumers with third parties like Facebook, Google and Criteo for advertising pu

Hotai Motor exposed thousands of iRent customer documents

Taiwanese automotive conglomerate Hotai Motor exposed reams of personal customer data from its car rental and carshare unit, iRent, until a security researcher found the data online last week. Even th

A network of knockoff apparel stores exposed 330,000 customer credit cards

If you recently made a purchase from an overseas online store selling knockoff clothes and goods, there’s a chance your credit card number and personal information were exposed. Since January 6,

A hack at ODIN Intelligence exposes a huge trove of police raid files

The breach exposes the police tech firm's own systems but also confidential law enforcement data uploaded by ODIN's police customers.

Mailchimp says it was hacked — again

Email marketing and newsletter giant Mailchimp says it was hacked and that dozens of customers’ data was exposed. It’s the second time the company was hacked in the past six months. Worse,

ODIN Intelligence website is defaced as hackers claim breach

The website for ODIN Intelligence, a company that provides technology and tools for law enforcement and police departments, was defaced on Sunday. The apparent hack comes days after Wired reported tha

Norton LifeLock says thousands of customer accounts breached

Thousands of Norton LifeLock customers had their accounts compromised in recent weeks, potentially allowing criminal hackers access to customer password managers, the company revealed in a recent data

CircleCI says hackers stole encryption keys and customers’ secrets

CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers’ data was stolen in a data breach last month. The company said in a

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes

A government watchdog has published a scathing rebuke of the Department of the Interior’s cybersecurity posture, finding it was able to crack thousands of employee user accounts because the depa

Microsoft ends Windows 7 security updates

Pour one out for Windows 7, the decade-old operating system that today reached the end of the security line. Some three years after Microsoft called time on mainstream support of Windows 7, the techno

Meet the cybercriminals of 2022

Arrested, seized, doxed and detained. These are just some of the ways police and prosecutors around the world took down the biggest cybercrime operations of the year, even if it meant resorting to new

It’s all in the (lack of) details: 2022’s badly handled data breaches

Data breaches can be extremely harmful to organizations of all shapes and sizes — but it’s how these companies react to the incident that can deal their final blow. While we’ve seen some exc

LastPass says hackers stole customers’ password vaults

Password manager giant LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach e

Even the FBI says you should use an ad blocker

This holiday season, consider giving the gift of security with an ad blocker. That’s the takeaway message from an unlikely source — the FBI — which this week issued an alert warning that cyb

Support King, banned by FTC, linked to new phone spying operation

A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found. A groundbreaking FTC order in 2021 ban

Parsing LastPass’ data breach notice

Two weeks ago, the password manager giant LastPass disclosed its systems were compromised for a second time this year. Back in August, LastPass found that an employee’s work account was compromi

Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones

Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited. The update, iOS 16.1.2, landed on November

Xnspy stalkerware spied on thousands of iPhones and Android devices

A little-known phone monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, the majority whose owners are unaware that their data has been compromised. Xnsp

Florida state tax website bug exposed filers’ data

A security flaw on the Florida Department of Revenue website exposed at least hundreds of taxpayers’ Social Security numbers and bank account numbers, a security researcher found. Kamran Mohsin
Load More