Notices by Zack Whittaker (zackwhittaker@mastodon.social)

New: Iran’s largest crypto exchange Nobitex said it was hacked and funds drained.

Pro-Israel hacking group Predatory Sparrow claimed responsibility for the hack, which saw the group steal and destroy some $90 million in cryptocurrency from the Iranian exchange.

https://techcrunch.com/2025/06/18/hackers-steal-and-destroy-millions-from-irans-largest-crypto-exchange/

Holy shit. AP reports that the Trump admin. provided deportation officials with personal data and immigration status on millions of Medicaid enrollees. Data includes "addresses, names, social security numbers and claims data for enrollees" in California, Illinois, Washington state and Washington DC.

https://apnews.com/article/medicaid-deportation-immigrants-trump-4e0f979e4290a4d10a067da0acca8e22

New, by me: 23andMe's interim CEO says around 15% of its customers — close to 2 million people! — have asked the company to delete their genetic data following its bankruptcy.

Meanwhile, a coalition of 28 U.S. states have sued to block the sale of 23andMe's data without customers' consent.

https://techcrunch.com/2025/06/11/23andme-says-15-of-customers-asked-to-delete-their-genetic-data-since-bankruptcy/

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account.

TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

https://techcrunch.com/2025/06/09/google-fixes-bug-that-could-reveal-users-private-phone-numbers/

Supreme Court has granted Elon Musk’s DOGE access to sensitive Social Security information, including full access to personally identifiable information in the Social Security Administration database while the case proceeds on appeal.

https://www.bloomberg.com/news/articles/2025-06-06/supreme-court-gives-doge-access-to-social-security-data?srnd=homepage-americas

NEW: Cellebrite, maker of phone unlocking tech, to buy mobile testing startup Corellium for $170 million.

https://techcrunch.com/2025/06/05/phone-unlocking-firm-cellebrite-to-acquire-mobile-testing-startup-corellium-for-170m/

New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.

https://techcrunch.com/2025/05/28/data-broker-giant-lexisnexis-says-breach-exposed-personal-information-of-over-364000-people/

NEW by @lorenzofb: A mysterious government hacking group called "Careto" (aka "The Mask") was once one of the "most advanced threats" of its time, but was never publicly linked to a specific government.

Researchers privately concluded that Careto was working for the Spanish government.

https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/

New: Senior White House official Russell Vought, who's also the acting head of the Consumer Financial Protection Bureau, has scrapped a plan that would have blocked data brokers from selling Americans' personal and financial information, including Social Security numbers.

https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/

Good news! An encryption backdoor bill in Florida has failed.

https://techcrunch.com/2025/05/09/florida-bill-requiring-encryption-backdoors-for-social-media-accounts-has-failed

PowerSchool paid a hacker’s ransom, but now schools say they are being extorted.

https://techcrunch.com/2025/05/08/powerschool-paid-a-hackers-ransom-but-now-schools-say-they-are-being-extorted/

If there's one thing I've learned about covering cybersecurity over the past decade or so, is that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.

Electronic Frontier Foundation and dozens of leading cyber and election security experts have signed an open letter saying they "unequivocally condemn" the "spurious and retaliatory targeting" of former CISA director Chris Krebs — and urge the rescinding of the Trump order targeting him.

https://www.eff.org/press/releases/eff-leads-prominent-security-experts-urging-trump-administration-leave-chris-krebs

@carlypage Carly, it's been the absolute privilege of my professional career to have worked with you, one of the finest cybersecurity journalists in the world today. it's gutting that TechCrunch is losing some incredibly talented staff (and for no good reason). you are an astounding reporter, a deft editor, and you brought everything to this job and it showed.

For anyone reading this; hire @carlypage.

Powerful words from former CISA director Jen Easterly in a post on LinkedIn, warning of the "targeting and removal of nonpartisan public servants and the normalization of loyalty oaths."

"If we — who aim to protect critical systems — can’t defend the humans who manage and maintain them, what exactly are we securing?"

Full read: https://www.linkedin.com/pulse/what-we-really-securing-jen-easterly-auyae

New, by me: Blue Shield of California said it's notifying at least 4.7 million people that it shared their personal and protected health information with Google over several years.

Blue Shield blamed a misconfiguration of its use of Google Ads, and said the collected data may have been used "to conduct focused ad campaigns" on affected members.

https://techcrunch.com/2025/04/23/blue-shield-of-california-shared-the-private-health-data-of-millions-with-google-for-years/

Good read from @hrbrmstr on the Trump administration's retaliation against Chris Krebs, given that the RSA conference is rapidly approaching.

"Silence is not safety. Silence is capitulation. If the cybersecurity community cannot defend its own when the truth is under attack, then what exactly are we protecting?"

https://rud.is/b/2025/04/17/trumps-retaliation-against-chris-krebs-and-the-cybersecurity-industrys-deafening-silence/

New: Someone hacked audio-enabled crosswalk buttons across Silicon Valley over the weekend to upload voices that sound like Mark Zuckerberg and Elon Musk.

"They say money can't buy happiness…I guess that's true. God knows I've tried," said one button hacked to sound like Musk. "F--k I'm so alone."

https://techcrunch.com/2025/04/14/silicon-valley-crosswalk-buttons-hacked-to-imitate-musk-zuckerberg-voices/

Per Reuters, one unnamed cybersecurity executive said that by going after someone as high-profile as his own former CISA chief, Trump was cowing the industry into silence.

"If they are willing to crush Krebs, what do you think they'll do to me or others like me?" he said, speaking on condition of anonymity for fear of retaliation.

Stellar reporting by @aj_vicens and @razhael.

https://www.reuters.com/world/us/cybersecurity-industry-falls-silent-trump-turns-ire-sentinelone-2025-04-10

Cannot unsee. https://velvetshark.com/ai-company-logos-that-look-like-buttholes