Zack Whittaker

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com.

The Latest from Zack Whittaker

Google is notifying Android users targeted by Hermit government-grade spyware

Security researchers at Lookout recently tied a previously unattributed Android mobile spyware, dubbed Hermit, to Italian software house RCS Lab. Now, Google threat researchers have confirmed much of

Ex-Amazon employee convicted over data breach of 100 million CapitalOne customers

Paige Thompson, a former Amazon employee accused of stealing the personal information of 100 million customers by breaching banking giant CapitalOne in 2019, has been found guilty by a Seattle jury on

Researchers say Hermit, a powerful mobile spyware, is used by governments

Security researchers at Lookout have released new details about an Android spyware deployed in targeted attacks by national governments, with victims in Kazakhstan, Syria and Italy. The spyware, which

India’s farmers exposed by new Aadhaar data leak

A security researcher said an Indian government website was exposing the Aadhaar numbers of India’s farmers, potentially amounting to millions of people. Atul Nair told TechCrunch that he found

Caught COVID-19 abroad? Good luck, you might get stuck

The idea of being stranded on a Caribbean island might not sound like the worst thing in the world after two years of a pandemic, but speaking from experience, it’s not as fun as it sounds. I ca

Thousands of Mobike users’ passports and IDs exposed online

A massive trove of more than 120,000 passports, drivers licenses and identity documents uploaded by users of bike-sharing service Mobike have been found online. Security researcher Bob Diachenko foun

macOS will soon block unknown USB-C accessories by default

A new security feature in Apple’s upcoming macOS 13 Ventura will automatically block new USB-C devices from communicating with the operating system until the accessory can be approved by the use

NJ talent firm exposed thousands of resumes, detailing immigration statuses and security clearances

A New Jersey talent acquisition firm exposed the resumes and personal information of at least 30,000 prospective workers by leaving a database on the internet without a password. The database belongs

Hackers compromised some Zola user accounts to buy gift cards

Zola, a wedding planning startup that allows couples to create websites, budgets and gift registries, has confirmed that hackers gained access to user accounts but has denied a breach of its systems.

DOJ says it will no longer prosecute good-faith hackers under CFAA

The U.S. Justice Department announced Thursday it will not bring charges under federal hacking laws against security researchers and hackers who act in good faith. The policy for the first time &#8220

Texas exposed 1.8 million residents’ data for almost 3 years

The personal information of 1.8 million Texas residents who filed insurance claims with the Texas Department of Insurance was exposed and publicly accessible for almost three years, according to a rec

Socket lands $4.6M to audit and catch malicious open source code

Securing the software supply chain is admittedly somewhat of a dry topic, but knowing which components and code go into your everyday devices and appliances is a critical part of the software developm

Google, Microsoft and Yahoo back New York ban on controversial search warrants

A coalition of tech giants, including Google, Microsoft and Yahoo, have pledged support for a New York bill that would ban the use of controversial search warrants that can identify people based on th

Workrise fixes API that spilled users’ personal information

Workforce management unicorn Workrise has fixed an exposed API that was spilling some users’ personal information. The Austin, Texas-based startup, which previously went by RigUp, was founded in

Health startup myNurse to shut down after data breach exposed health records

myNurse, a healthcare startup that provides chronic care management and remote patient monitoring services, said it will shut down at the end of the month after reporting a data breach that exposed pe

How to remove your personal information from Google search results

Cybersecurity 101: It's now easier to request the removal of your personal information from Google search results.

US offers bounty for Sandworm, the Russian hackers blamed for destructive cyberattacks

The U.S. government has stepped up its hunt for six Russian intelligence officers, best known as the state-backed hacking group dubbed “Sandworm,” by offering a $10 million bounty for info

Web scraping is legal, US appeals court reaffirms

Good news for archivists, academics, researchers and journalists: Scraping publicly accessible data is legal, according to a U.S. appeals court ruling. The landmark ruling by the U.S. Ninth Circuit of

‘Always on and watching’: A former Xinjiang prisoner describes life inside China’s detention camps

For 10 months in 2018, Ovalbek Turdakun was a prisoner in one of China’s notorious detention camps, where he was tortured, subject to horrific conditions and under constant surveillance. In a ma

HacWare lands $2.3M to expand cybersecurity awareness training

If you work at a company above a certain size, you’ll understand just how little patience we all feel for internal phishing awareness, even despite the fact that phishing remains one of the lead
Load More