Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com and zack.whittaker@protonmail.com

The Latest from Zack Whittaker

A DNS outage just took down a large chunk of the internet

A large chunk of the internet dropped offline on Thursday. Some of the most popular sites, apps and services on the internet were down, including UPS and FedEx (which have since come back online), Air

This tool tells you if NSO’s Pegasus spyware targeted your phone

Over the weekend, an international consortium of news outlets reported that several authoritarian governments — including Mexico, Morocco and the United Arab Emirates — used spyware developed by N

US blames China for Exchange server hacks and ransomware attacks

The Biden administration and its allies have formally accused China of the mass-hacking of Microsoft Exchange servers earlier this year, which prompted the FBI to intervene as concerns rose that the h

An insurtech startup exposed thousands of sensitive insurance applications

A security lapse at insurance technology startup BackNine exposed hundreds of thousands of insurance applications after one of its cloud servers was left unprotected on the internet. BackNine might be

GSA blocks senator from reviewing documents used to approve Zoom for government use

The General Services Administration has denied a senator’s request to review documents Zoom submitted to have its software approved for use in the federal government. The denial was in response

Ring’s latest security updates are good, but still opt-in

Ring, the video doorbell maker dubbed the “largest civilian surveillance network the U.S. has ever seen,” is rolling out new but long overdue security and privacy features. The Amazon-own

New York City’s new biometrics privacy law takes effect

A new biometrics privacy ordinance has taken effect across New York City, putting new limits on what businesses can do with the biometric data they collect on their customers. From Friday, businesses

Evernote quietly disappeared from an anti-surveillance lobbying group’s website

In 2013, eight tech companies were accused of funneling their users’ data to the U.S. National Security Agency under the so-called PRISM program, according to highly classified government docume

Kaseya hack floods hundreds of companies with ransomware

On Friday, a flood of ransomware hit hundreds of companies around the world. A grocery store chain, a public broadcaster, schools, and a national railway system were all hit by the file-encrypting mal

A new ‘digital violence’ platform maps dozens of victims of NSO Group’s spyware

For the first time, researchers have mapped all the known targets, including journalists, activists, and human rights defenders, whose phones were hacked by Pegasus, a spyware developed by NSO Group.

An email sent by One Medical exposed hundreds of customers’ email addresses

Primary care company One Medical has apologized after it sent out an email that exposed hundreds of customers’ email addresses. The email sent out by One Medical on Wednesday asked to “ver

Microsoft says a third of its government data requests have secrecy orders

Microsoft’s customer security chief says as many as one-third of all government demands that the company receives for customer data are issued with secrecy clauses that prevents it from disclosi

Indian tech startup exposed Byju’s student data

India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India&#82

An internal code repo used by New York State’s IT office was exposed online

A code repository used by the New York state government’s IT department was left exposed on the internet, allowing anyone to access the projects inside, some of which contained secret keys and p

Drata raises $25M Series A to expand its security compliance platform

Security compliance is precisely three things: incredibly boring, time consuming, and entirely necessary to run a business in the modern age. Compliance isn’t going away, but startups like Drata

A security bug in Google’s Android app put users’ data at risk

Until recently, Google’s namesake Android app, which has more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a vi

Supreme Court revives LinkedIn case to protect user data from web scrapers

The Supreme Court has given LinkedIn another chance to stop a rival company from scraping personal information from users’ public profiles, a practice LinkedIn says should be illegal but one tha

Google will let enterprises store their Google Workspace encryption keys

As ubiquitous as Google Docs has become in the last year alone, a major criticism often overlooked by the countless workplaces that use it is that it isn’t end-to-end encrypted, allowing Google

Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ details

Volkswagen says more than 3.3 million customers had their information exposed after one of its vendors left a cache of customer data unsecured on the internet. The car maker said in a letter that the

Security flaws found in Samsung’s stock mobile apps

A mobile security startup has found seven security flaws in Samsung’s pre-installed mobile apps, which it says if abused could have allowed attackers broad access to a victim’s personal da
Load More