Zack Whittaker

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com.

The Latest from Zack Whittaker

Caught COVID-19 abroad? Good luck, you might get stuck

The idea of being stranded on a Caribbean island might not sound like the worst thing in the world after two years of a pandemic, but speaking from experience, it’s not as fun as it sounds. I ca

Thousands of Mobike users’ passports and IDs exposed online

A massive trove of more than 120,000 passports, drivers licenses and identity documents uploaded by users of bike-sharing service Mobike have been found online. Security researcher Bob Diachenko foun

macOS will soon block unknown USB-C accessories by default

A new security feature in Apple’s upcoming macOS 13 Ventura will automatically block new USB-C devices from communicating with the operating system until the accessory can be approved by the use

NJ talent firm exposed thousands of resumes, detailing immigration statuses and security clearances

A New Jersey talent acquisition firm exposed the resumes and personal information of at least 30,000 prospective workers by leaving a database on the internet without a password. The database belongs

Hackers compromised some Zola user accounts to buy gift cards

Zola, a wedding planning startup that allows couples to create websites, budgets and gift registries, has confirmed that hackers gained access to user accounts but has denied a breach of its systems.

DOJ says it will no longer prosecute good-faith hackers under CFAA

The U.S. Justice Department announced Thursday it will not bring charges under federal hacking laws against security researchers and hackers who act in good faith. The policy for the first time &#8220

Texas exposed 1.8 million residents’ data for almost 3 years

The personal information of 1.8 million Texas residents who filed insurance claims with the Texas Department of Insurance was exposed and publicly accessible for almost three years, according to a rec

Socket lands $4.6M to audit and catch malicious open source code

Securing the software supply chain is admittedly somewhat of a dry topic, but knowing which components and code go into your everyday devices and appliances is a critical part of the software developm

Google, Microsoft and Yahoo back New York ban on controversial search warrants

A coalition of tech giants, including Google, Microsoft and Yahoo, have pledged support for a New York bill that would ban the use of controversial search warrants that can identify people based on th

Workrise fixes API that spilled users’ personal information

Workforce management unicorn Workrise has fixed an exposed API that was spilling some users’ personal information. The Austin, Texas-based startup, which previously went by RigUp, was founded in

Health startup myNurse to shut down after data breach exposed health records

myNurse, a healthcare startup that provides chronic care management and remote patient monitoring services, said it will shut down at the end of the month after reporting a data breach that exposed pe

How to remove your personal information from Google search results

Cybersecurity 101: It's now easier to request the removal of your personal information from Google search results.

US offers bounty for Sandworm, the Russian hackers blamed for destructive cyberattacks

The U.S. government has stepped up its hunt for six Russian intelligence officers, best known as the state-backed hacking group dubbed “Sandworm,” by offering a $10 million bounty for info

Web scraping is legal, US appeals court reaffirms

Good news for archivists, academics, researchers and journalists: Scraping publicly accessible data is legal, according to a U.S. appeals court ruling. The landmark ruling by the U.S. Ninth Circuit of

‘Always on and watching’: A former Xinjiang prisoner describes life inside China’s detention camps

For 10 months in 2018, Ovalbek Turdakun was a prisoner in one of China’s notorious detention camps, where he was tortured, subject to horrific conditions and under constant surveillance. In a ma

HacWare lands $2.3M to expand cybersecurity awareness training

If you work at a company above a certain size, you’ll understand just how little patience we all feel for internal phishing awareness, even despite the fact that phishing remains one of the lead

Autonomous robots used in hundreds of hospitals at risk of remote hijacks

A decade ago security researcher Barnaby Jack famously wirelessly hacked a hospital insulin pump live on stage in front of hundreds of people to demonstrate how easily it could be compromised to deliv

‘We probably pissed away $200 million,’ Better.com CEO told employees in layoffs meeting

When Better.com CEO Vishal Garg laid off 900 employees, or about 9% of the company’s staff, in early December, the startup world was shocked by his callous delivery. Now a video of Garg and CFO Kevi

FBI operation aims to take down massive Russian GRU botnet

The Federal Bureau of Investigation has disclosed it carried out an operation in March to target a massive botnet controlled by Russian intelligence. The operation was authorized by courts in Califor

NSO hacked new Pegasus victims weeks after Apple sought injunction

Investigators say they have found evidence that a Jordanian journalist and human rights defender’s iPhone was hacked with the Pegasus spyware just weeks after Apple sued the spyware’s make
Load More