NEW: Petco's data breach exposed customers' Social Security numbers, driver’s license numbers, financial information, and more.

The company is still not saying how many customers in total were affected by this security incident.

Petco's security lapse affected customers' SSNs, drivers' licenses and more  | TechCrunch

Petco said the exposure was due to an error in an application, and that it is notifying victims’ whose data was affected.

TechCrunch (techcrunch.com)

After we published this story, Kohler has removed all mentions of "end-to-end encryption" from its website.

Company PR said: "We used the term with respect to the encryption of data between our users (sender) and Kohler Health (recipient)."

Elk

A nimble Mastodon web client

Elk (elk.zone)

NEW: Pet products and services giant Petco has disclosed a data breach, but it is not saying how many people were affected, nor what personal data was exposed.

Spokesperson said company had “provided further information to individuals whose information was involved.”

Petco confirms security lapse exposed customers’ personal data | TechCrunch

The pet company has published almost no details about what happened, who was affected, and what personal data was exposed.

TechCrunch (techcrunch.com)

NEW: Staffers at notorious spyware maker Intellexa had live remote access to their customers' surveillance systems.

This allowed them to see the personal data of targets hacked with Intellexa's spyware Predator, according to new research based on a leaked training video.

Needless to say, this is bad for several reasons.

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say | TechCrunch

Based on a leaked video, security researchers alleged that Intellexa staffers have remote live access to their customers' surveillance systems, allowing them to see hacking targets’ personal data.

TechCrunch (techcrunch.com)

NEW: Your "end-to-end encrypted" poop pictures taken by this $599 (+ subscription) smart toilet camera are actually not end-to-end encrypted.

¯_(ツ)_/¯

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted | TechCrunch

Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.

TechCrunch (techcrunch.com)

NEW: Europol shut down Cryptomixer, a crypto service alleged to have facilitated the laundering of 1.3 billion euros since 2016.

Service was allegedly used by cybercriminals, drug and weapons traffickers, and ransomware gangs.

European cops shut down crypto mixing website that helped launder 1.3 billion euros | TechCrunch

Europol announced the seizure of Cryptomixer’s official website, as well as 25 million euros and 12 terabytes of data from the mixer's service.

TechCrunch (techcrunch.com)

NEW: Google says the new wave of supply chain attacks by Scattered Lapsus$ Hunters impacted more than 200 companies' Salesforce-stored data.

This wave of breaches of Gainsight customers was caused by a previous breach at Salesloft Drift, ShinyHunters told us.

Hackers said they breached Atlassian, CrowdStrike, Docusign, F5, Gitlab, Linkedin, Malwarebytes, Sonicwall, Thomson Reuters, Verizon.

Malwarebytes said it is investigating.

CrowdStrike said company is "not affected."

Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch

Notorious hacking collective Scattered Lapsus$ Hunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.

TechCrunch (techcrunch.com)

NEW: Salesforse says said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.

Notorious hacking group ShinyHunters has reportedly claimed responsibility for this new wave of data breaches.

Salesforce says some of its customers' data was accessed after Gainsight breach | TechCrunch

Salesforce said it’s investigating an incident where hackers compromised some of its customers' data after breaching customer experience company Gainsight.

TechCrunch (techcrunch.com)

NEW: The classic anime "Ghost in the Shell," one of the most influential hacking movies of all time, turned 30 years old this week.

Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.

The story of the “infamous mystery hacker” the Puppet Master has many fascinating bits of speculative fiction related to hacking that are worth reflecting on.

How the classic anime 'Ghost in the Shell' predicted the future of cybersecurity 30 years ago | TechCrunch

The story of Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the internet.

TechCrunch (techcrunch.com)

NEW: Internet infrastructure giant Cloudflare blamed this morning's massive internet outage on a "latent bug."

This is another stark reminder that the internet depends on just a handful of companies. According to an estimate, Cloudflare is used by 20% of all websites on the internet.

Cloudflare blames massive internet outage on 'latent bug' | TechCrunch

An outage at internet infrastructure giant Cloudflare took down several big websites and services, including ChatGPT, Claude, Spotify, and X.

TechCrunch (techcrunch.com)

NEW: Delivery giant DoorDash disclosed a data breach impacting an unspecified number of users.

Hackers stole names, emails, phone numbers, and physical addresses, but DoorDash said that “no sensitive information was accessed by the unauthorized third party."

DoorDash confirms data breach affecting users’ phone numbers and physical addresses | TechCrunch

The delivery giant said “no sensitive information” was accessed, and did not specify the number of customers, delivery workers, and merchants who were affected by the breach.

TechCrunch (techcrunch.com)

The Cyber Police Department of Ukraine sent this email to me, @zackwhittaker, and some other cyber journalists.

Basically, it seems they are asking for help going after hackers expecting journalists to share information we would never share with law enforcement. Nope, this is not how it works.

NEW: Five people who live in the U.S. pleaded guily for "facilitating" and helping the North Korean regime place fake remote IT workers inside American companies.

U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.

Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch

The U.S. Department of Justice said five people — including four U.S. nationals — "facilitated" North Korean IT workers to get jobs at American companies, allowing the regime to earn money from their remote labor.

TechCrunch (techcrunch.com)

NEW: Authorities from nine countries took down three cybercrime operations, including the Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.

This is the latest round of the ongoing Operation Endgame, which is starting to feel like "whack-a-mole forever," as one security researcher involved in the operation put it.

Police take down three cybercrime operations in latest round of 'whack-a-mole' | TechCrunch

Authorities from nine countries took down three cybercrime operations, including the Rhadamantys infostealer, which allegedly had access to the crypto wallets of more than 100,000 victims.

TechCrunch (techcrunch.com)

NEW: Cybersecurity firm Deepwatch laid off around 80 people citing AI the reason.

CEO John DiLullo said the company “is aligning our organization to accelerate our significant investments in AI and automation.”

A current employee said that Deepwatch is “doing something with AI and agentic AI but it sounds like bullshit.”

Cybersecurity firm Deepwatch lays off dozens, citing move to 'accelerate' AI investment | TechCrunch

Deepwatch’s CEO told TechCrunch that the layoffs allow the company to accelerate investments in “AI and automation.”

TechCrunch (techcrunch.com)

NEW: A group of Senators and Congresspeople are warning Governors that their states are providing ICE “with frictionless, self-service access to the personal data of all of your residents.”

The data sharing is managed by a nonprofit called Nlets, which is managed by state police agencies.

Lawmakers warn Democratic governors that states are sharing drivers' data with ICE | TechCrunch

A group of Democratic lawmakers asked governors in California, Colorado, and other states to block ICE from accessing their residents’ driver’s license data without their knowledge.

TechCrunch (techcrunch.com)

NEW: I tried to explain why there are so many victims of spyware, despite the fact that its makers have been telling us for years that the tech is only intended to be used in limited cases.

There are several reasons, including how the spyware systems are designed, how powerful and easy to use they are.

Why a lot of people are getting hacked with government spyware | TechCrunch

Government surveillance vendors want us to believe their spyware products are only used in limited and targeted operations against terrorists and serious criminals. That claim is increasingly difficult to justify, given the broad range of victims — journalists, activists, and now political consultants — that have come forward.

TechCrunch (techcrunch.com)