Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com and zack.whittaker@protonmail.com

The Latest from Zack Whittaker

Window Snyder’s new startup Thistle Technologies raises $2.5M seed to secure IoT devices

The Internet of Things has a security problem. The past decade has seen wave after wave of new internet-connected devices, from sensors through to webcams and smart home tech, often manufactured in bu

Running apps still lag behind on privacy and security

Some of the most popular running apps are still lagging behind on security and privacy. That’s the verdict from security researchers who examined the leading running apps five years apart and fo

Geico admits fraudsters stole customers’ driver’s license numbers for months

Geico, the second-largest auto insurer in the U.S., has fixed a security bug that let fraudsters steal customers’ driver’s license numbers from its website. In a data breach notice filed w

Grocery startup Mercato spilled years of data, but didn’t tell its customers

A security lapse at online grocery delivery startup Mercato exposed tens of thousands of customer orders, TechCrunch has learned. A person with knowledge of the incident told TechCrunch that the incid

Gay dating site Manhunt hacked, thousands of accounts stolen

Manhunt, a gay dating app that claims to have 6 million male members, has confirmed it was hit by a data breach in February after a hacker gained access to the company’s accounts database. In a

FBI launches operation to remove backdoors from hacked Microsoft Exchange servers

A court in Houston has authorized an FBI operation to “copy and remove” backdoors from hundreds of Microsoft Exchange email servers in the United States, months after hackers used four pre

Risk startup LogicGate confirms data breach

Risk and compliance startup LogicGate has confirmed a data breach. But unless you’re a customer, you probably didn’t hear about it. An email sent by LogicGate to customers earlier this mon

Biden’s cybersecurity dream team takes shape

President Biden has named two former National Security Agency veterans to senior government cybersecurity positions, including the first national cyber director. The appointments, announced Monday, la

APKPure app contained malicious adware, say researchers

Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google’s app store, contained malicious adware that flooded the victim&#8

Facebook ran ads for a fake ‘Clubhouse for PC’ app planted with malware

Cybercriminals have taken out a number of Facebook ads masquerading as a Clubhouse app for PC users in order to target unsuspecting victims with malware, TechCrunch has learned. TechCrunch was alerte

Education nonprofit Edraak ignored a student data leak for two months

Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake. The nonprofi

The do’s and don’ts of bug bounty programs with Katie Moussouris

Cybersecurity veteran Katie Moussouris explains what startups should (and shouldn't) do, what to prioritize, and the difference between vulnerability disclosure, penetration testing and bug bounties.

US charges California man over Shopify data breach

A grand jury has indicted a California resident accused of stealing Shopify customer data on over a hundred merchants, TechCrunch has learned. The indictment charges Tassilo Heinrich with aggravated i

How Jamaica failed to handle its JamCOVID scandal

Amber Group claimed it faced "cyberattacks, hacking and mischievous players." In reality, the app was just not that secure.

Microsoft outage knocks sites and services offline

Microsoft stumbled back online Thursday after an hours-long outage in the middle of the U.S. west coast working afternoon. Besides its homepage, Microsoft’s Xbox and Office services went down, l

US cuts trade ties to Myanmar, leaving internet access uncertain

The U.S. government has cut trade ties to Myanmar, two months after the country’s military staged a coup overthrowing the country’s president and also its de facto leader, Aung San Suu Kyi

Apple releases iPhone, iPad and Watch security patches for zero-day bug under active attack

Apple has released an update for iPhones, iPads and Watches to patch a security vulnerability under active attack by hackers. The security update lands as iOS 14.4.2 and iPadOS 14.4.2, which also cove

A new Android spyware masquerades as a ‘system update’

Security researchers say a powerful new Android malware masquerading as a critical system update can take complete control of a victim’s device and steal their data. The malware was found bundle

FatFace tells customers to keep its data breach ‘strictly private’

Clothing giant FatFace had a data breach, but doesn’t want you to tell anyone about it. The company sent an email to customers this week disclosing that it first detected a breach on January 17.

Roll still doesn’t know how its hot wallet was hacked

Move fast, break things, get hacked. That’s what happened at Roll, the social currency platform that allows creators to mint and distribute their own Ethereum-based cryptocurrency known as socia
Load More