Zack Whittaker
LightNews LightNews
banner
zackwhittaker.com
Zack Whittaker
@zackwhittaker.com
15K followers 270 following 670 posts
Security editor, TechCrunch
Signal: zackwhittaker.1337
My stories: techcrunch.com/author/zack-whittaker
My newsletter/blog: this.weekinsecurity.com
Posts Replies Media Videos
zackwhittaker.com
Betterment was hacked and users' personal data compromised, but you might not know it because the company hid its data breach notice with a "noindex" tag in its web page source code. This tells search engines to ignore the page so people won't see it in search results. techcrunch.com/2026/01/12/f...
a screenshot of Betterment's data breach web page source code, showing a "noindex" tag in the code, which instructs search engines to ignore the page and not make it returnable in search results.
January 12, 2026 at 6:24 PM
zackwhittaker.com
Our analysis revealed at least a hundred places where license plate-reading cameras are located, including major Uzbek cities, busy rural, junctions & other important transit routes across the country. One dashboard allowed video playback of motor violations.

More: techcrunch.com/2025/12/23/i...
a screenshot of the Uzbek license plate scanning web dashboard, showing a license plate reader identifying and clocking a vehicle as violating traffic rules.
December 23, 2025 at 5:05 PM
zackwhittaker.com
One of those stupid autonomous Uber Eats delivery robots in our neighborhood looks like it got stuck in cold weather, frozen to the ground, not moving.

The future, everyone.
an autonomous Uber Eats delivery robot, on the snow, stuck, frozen and unable to move.
December 18, 2025 at 3:01 PM
zackwhittaker.com
These are the questions that TechCrunch asked Mixpanel CEO Jen Taylor about the company's data breach.

If anyone else wants to follow up with any of these questions, be my guest. Mixpanel is welcome to respond to my emails at any time.
questions we asked Mixpanel by email: We understand Mixpanel was targeted by a SMS phishing attack; can you provide more details about the attack, and whether this SMS phishing attack targeted Mixpanel employees? How many employees were targeted? When did the SMS phishing attack begin targeting Mixpanel employees, if known? Were staff accounts compromised as part of the cyberattack? If so, how many? What percentage of employee accounts were protected by multi-factor authentication prior to November 8? Has Mixpanel called in an external incident response firm to investigate and advise Mixpanel? If so, which company is this? We understand that Mixpanel notified customers, such as OpenAI, that the stolen data includes users' names, email addresses, coarse location data (based on device usage), and device data, such as browser or operating system. Can Mixpanel confirm? Were any other specific types of data exfiltrated from Mixpanel's systems? Does Mixpanel have a complete list of file types affected by this data breach? Does Mixpanel have the technical means, such as logs, to determine what specific data was exfiltrated? Does the exfiltrated data include unique device identifiers, such as Apple IDFA or Android advertising ID? We understand that Mixpanel collects information from mobile apps and websites via its API (api.mixpanel.com/track). Can Mixpanel confirm or deny that data collected this way was affected by the Mixpanel breach? How much of this data was exfiltrated from Mixpanel's systems? We understand Mixpanel has around 8,000 paying customers (let me know if you have a more accurate figure). How many Mixpanel customers had data compromised during the cyberattack? Has Mixpanel received any communication from the hackers, such as a demand for payment? Is Mixpanel aware of the identities of the hackers, or able to attribute to a particular hacking group at this time? What specific "additional controls" has Mixpanel implemented since the cyberattack?
December 17, 2025 at 4:28 PM
zackwhittaker.com
i've seen enough already
a search of the Ring founder's book of "police," showing 12 results. a search of the Ring founder's book of "encryption," showing zero results.
December 16, 2025 at 5:39 PM
zackwhittaker.com
My new hacker handle just dropped.
"Hi, your security code is: whaflboi" — which reads as "waffle-boy."
November 13, 2025 at 12:55 PM
zackwhittaker.com
These Rippling ads are pretty much everywhere in lower Manhattan. My one and only thought is: with all your eggs in one basket, that's gonna hurt real bad if/when they get hacked.
two Rippling ads, side by side, featuring the words: "One platform for HR, IT, and Finance? That's Rippling." The other one says "Global HR, Global Payroll, Benefits, Expenses, Identity & Access, Scheduling, Device Mgmt, Corporate Cards, Recruiting, Bill Pay."
November 12, 2025 at 4:59 PM
zackwhittaker.com
Find out why this sticker on my laptop (photo below) features a crying Kim Jong Un, with the words: "Don't hire a spy; say something to make Kim cry."

If you want to sign up for my free weekly newsletter (or $10/month for articles and more), you can sign up over here: this.weekinsecurity.com
a photo showing the back of a Mac laptop with a sticker, which has a cartoon image of Kim Jong Un crying, with the circular text that reads: "Don't hire a spy, say something to make Kim cry."
November 7, 2025 at 1:27 AM
zackwhittaker.com
Theo doesn't really understand democracy (though, I think he would probably say his feeding schedule is downright authoritarian) but as someone who does, and these days gets to vote, it's something I never take for granted.
my cat, Theo, with white and grey fur, asleep upside down with a little fang showing.
November 5, 2025 at 7:13 PM
zackwhittaker.com
New laptop sticker just dropped.
a photo of my laptop lid, with an NPR sticker that reads: "Feral for the Free Press," plus a cartoon shooting star with a smiley-face and a rainbow trail.
November 1, 2025 at 12:05 PM
zackwhittaker.com
Thankful for my partner who, while I'm on the other side of the country, calls me to FaceTime with our cats.
a facetime screenshot of my cat, Theo, asleep on the couch. you can see his little toe beans. a facetime screenshot of my cat, Toby, who looks assertive and sarcastic, which is very much his personality so no surprise there. he is very handsome.
October 30, 2025 at 4:13 AM
zackwhittaker.com
House Republicans James Comer and Nancy Mace wrote a letter to TeaOnHer founder Xavier Lampkin demanding answers about the app's poor cybersecurity practices, citing my TechCrunch story earlier this year that found the app exposing users’ gov't-issued IDs and selfies. therecord.media/teaonher-app...
a screenshot from The Record's story, which reads: Comer and Mace also focused on TeaOnHer's poor cybersecurity practices. In August, TechCrunch found a security vulnerability in TeaOnHer that let anyone access users' emails addresses, driver's licenses, selfies and locations. "If true, the Committee's concerns extend to the vulnerability of the images and information associated with the women and minors who did not provide consent to have their information uploaded to your application," the lawmakers wrote, citing the TechCrunch report. a meme of a guy looking cross, with the headline: "Heartbreaking: The Worst Person You Know Just Made a Great Point"
October 24, 2025 at 6:06 PM
zackwhittaker.com
My favorite #NoKings sign seen in my neighborhood today.
a protest sign, half in blue and half in red, with a cartoon of a black cat with a grumpy face kicking a crown, and it reads: "NOPE" (with a red tie imitating Trump's tied through the 'O') and "SINCE 1776".
October 18, 2025 at 10:16 PM
zackwhittaker.com
A timeline cleanse, if anyone needs one. This is Theo, basking in the mid-afternoon sun.
a photo of my russian blue cat, Theo, who can be seen here in a stream of sunlight on a blue floral rug, stood and looking at the camera.
October 15, 2025 at 9:26 PM
zackwhittaker.com
Toby wishes everyone a peaceful evening.
a photo of my tabby cat Toby, asleep on a green cushion, with his feet curled up so that you can see his cute little toe beans.
October 13, 2025 at 12:17 AM
zackwhittaker.com
New Windows wallpaper just dropped.
my cat, Theo, sprawled out asleep on a rug, with a stream of light passing over him as if to project a windows-style shadow.
October 5, 2025 at 1:43 PM
zackwhittaker.com
We verified the bug by uploading a new Partiful profile photo taken from outside of Moscone West in SF, which contained the photo’s precise location. When we checked the metadata of the photo on Partiful’s server, it *still* had the photo's exact coordinates.

More: techcrunch.com/2025/10/04/e...
a screenshot from the TechCrunch article, showing a photo (left) of outside Moscone West in San Francisco, and another photo (right) showing the location marker from the photo on a Google Map.
October 4, 2025 at 4:09 PM
zackwhittaker.com
Spot the two glaring typos in the White House's daily press schedule email sent out this morning.

"THE PRESIDENT recieves his Intelligence Brieifing."
a screenshot from the White House's press briefing email, which has two typos in the line: "THE PRESIDENT recieves his Intelligence Brieifing."
August 28, 2025 at 11:19 AM
zackwhittaker.com
Update your iPhones, iPads and Macs. A new Apple software update went out fixing a zero-day security flaw under attack.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

support.apple.com/en-us/124925
a screenshot of iOS 18.6.2, which fixes a memory corruption bug. It reads: "This update provides important security fixes and is recommended for all users."
August 20, 2025 at 8:02 PM
zackwhittaker.com
Another Totally Normal Day™ on the White House press pool email list.
a screenshot of an email from the White House press email list, which reads as follows: White House Press Secretary Karoline Leavitt brought us back to the Rose Garden and told us that the president is testing the new speakers for "what will be the best event in the history of the White House." She said the next party is "hopefully soon." Trump is currently controlling the playlist. "Whiter Shade of Pale" by Procol Harum is currently playing.
August 19, 2025 at 8:34 PM
zackwhittaker.com
a photo/meme of Matthew McConaughey smoking a cigarette with an extremely alarmed expression on his face and in his eyes
August 14, 2025 at 1:11 PM
zackwhittaker.com
a screenshot from a simpsons episode, showing a tv screen, which reads "technical difficulties, please stand by," showing a cute puppy pulling a plug out of a wall socket
August 13, 2025 at 4:53 PM
zackwhittaker.com
Reading this in British English, this is the most passive aggressive shade throwing I've ever seen from the U.K. government. www.gov.uk/government/n...
advice from the UK government's national drought group, which gives six valid options for "how to save water at home," then a seventh option which clearly identifies data centers as a major source of water use, which says "delete old emails and pictures as data centers require vast amounts of water to cool their systems."
August 12, 2025 at 2:32 PM
zackwhittaker.com
There is absolutely no reason to include "noindex" code on your data breach notification page, unless of course you're deliberately trying to hide it from search engines so people can't find the information they need.

More: techcrunch.com/2025/08/07/d...
a screenshot of Bouygues' data breach page, which contains "noindex" code preventing search engines from indexing the page.
August 7, 2025 at 1:48 PM
zackwhittaker.com
Just a normal thing to read on the White House press pool email list.
email from a White House press pooler: "Presidential roof walk ended 11:05. White House said he was there for 20 minutes."
August 5, 2025 at 5:21 PM