Zack Whittaker

Zack Whittaker

Security editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

He can also be reached by email: zack.whittaker@techcrunch.com.

The Latest from Zack Whittaker

Justice Department: No evidence of vote hacking during 2018 election

There is “no evidence to date” that any foreign government had a material impact on voting machines or infrastructure during the 2018 midterm elections, according to a new classified repor

Bots are cheap and effective. One startup trolls them into going away

Bots are ruining the internet. When they’re not pummeling a website with usernames and passwords from a long list of stolen credentials, they’re scraping the price of hotels or train ticke

Everything you need to know about Facebook, Google’s app scandal

Facebook and Google landed in hot water with Apple this week after two investigations by TechCrunch revealed the misuse of internal-only certificates — leading to their revocation, which led to a da

Apple fixes FaceTime eavesdrop bug, with software update incoming

Three days after Apple pulled its new Group FaceTime feature offline after users found they could eavesdrop on people before accepting a call, the company says it has fixed the bug on its end. “We h

Indian state government leaks thousands of Aadhaar numbers

A lapse in security has led to the leaking of more than 100,000 Aadhaar numbers, TechCrunch can reveal. One of the web systems used to record attendance of government workers for the Indian state of J

Amazon’s barely-transparent transparency report somehow gets more opaque

Amazon posted its bi-annual report Thursday detailing the number of government data demands it receives. The numbers themselves are unremarkable, neither spiking nor falling in the second-half of la

Apple restores Google’s internal iOS apps after certificate misuse punishment

Apple has blocked Google from distributing its internal-only iOS apps on its corporate network after a TechCrunch investigation found the search giant abusing the certificates. “We’re working

Houzz resets user passwords after data breach

Houzz, a $4 billion-valued home improvement startup that recently laid off 10 percent of its staff, has admitted a data breach. A reader contacted TechCrunch on Thursday with a copy of an email sent

Google will stop peddling a data collector through Apple’s back door

It looks like Facebook was not the only one abusing Apple’s system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an a

India’s largest bank SBI leaked account data on millions of customers

India’s largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. The server, h

Data management giant Rubrik leaked a massive database of client data

A server security lapse has exposed a massive database of customer information belonging to Rubrik, an IT security and cloud data management giant. The company pulled the server offline Tuesday within

Most of the Fortune 100 still use flawed software that led to the Equifax breach

Almost two years after Equifax’s massive hack, the majority of Fortune 100 companies still aren’t learning the lessons of using vulnerable software. In the last six months of 2018, two-thi

Researchers find a new malware-friendly hosting site after a spike in attacks

Security researchers have traced a recent spike in FormBook infections to a new file-hosting service that’s been billed as a place for hackers to host their malware. Deep Instinct analysts say i

To fight election meddling, Google’s cyber unit Jigsaw extends its anti-DDoS protections to European politicos

Jigsaw, the cybersecurity-focused division owned by Google parent Alphabet, is now allowing political organizations in Europe to sign up for its anti-web-flooding technology for free. Until now, the

After seizing a major DDoS-for-hire site, Europol goes after its users

Last year, Europol and its many law enforcement partners took down and seized webstresser.org, one of the most notorious “booter” sites for launching distributed denial-of-service (DDoS) a

Without proof, is Huawei still a national security threat?

It’s Huawei vs. the U.S., the U.K., Canada, Australia, New Zealand, and most of Europe and Japan. It’s almost as if the world’s biggest surveillance superpowers don’t want Huaw

Facebook to encrypt Instagram messages ahead of integration with WhatsApp, Facebook Messenger

Facebook is planning to roll out end-to-end encryption for Instagram messages, as part of a broader integration effort across the company’s messaging platforms, including WhatsApp and Faceboo

Massive mortgage and loan data leak gets worse as original documents also exposed

Remember that massive data leak of mortgage and loan data we reported on Wednesday? In case you missed it, millions of documents were found leaking after an exposed Elasticsearch server was found with

Millions of bank loan and mortgage documents have leaked online

A trove of more than 24 million financial and banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server

Police license plate readers are still exposed on the internet

Smile! You’re on camera. At least, your license plate is. You might have heard of automatic license plate recognition — known as ALPR (or ANPR in the U.K. for number plates). These cameras are
Load More