Category: UNCATEGORIZED

A stream of Chipotle customers have said their accounts have been hacked and are reporting fraudulent orders charged to their credit cards — sometimes totaling hundreds of dollars.

Customers have posted on several Reddit threads complaining of account breaches and many more have tweeted at @ChipotleTweets to alert the fast food giant of the problem. In most cases, orders were put through under a victim’s account and delivered to addresses often not even in the victim’s state.

Many of the customers TechCrunch spoke to in the past two days said they used their Chipotle account password on other sites. Chipotle spokesperson Laurie Schalow told TechCrunch that credential stuffing was to blame. Hackers take lists of usernames and passwords from other breached sites and brute-force their way into other accounts.

But several customers we spoke to said their password was unique to Chipotle. Another customer said they didn’t have an account but ordered through Chipotle’s guest checkout option.

Tweets from Chipotle customers. (Screenshot: TechCrunch)

When we asked Chipotle about this, Schalow said the company is “monitoring any possible account security issues of which we’re made aware and continue to have no indication of a breach of private data of our customers,” and reiterated that the company’s data points to credential stuffing.

It’s a similar set of complaints made by DoorDash customers last year, who said their accounts had been improperly accessed. DoorDash also blamed the account hacks on credential stuffing, but could not explain how some accounts were breached even when users told TechCrunch that they used a unique password on the site.

If credential stuffing is to blame for Chipotle account breaches, rolling out two-factor authentication would help prevent the automated login process — and, put an additional barrier between a hacker and a victim’s account.

But when asked if Chipotle has plans to roll out two-factor authentication to protect its customers going forward, spokesperson Schalow declined to comment. “We don’t discuss our security strategies.”

Chipotle reported a data breach in 2017 affecting its 2,250 restaurants. Hackers infected its point-of-sale devices with malware, scraping millions of payment cards from unsuspecting restaurant goers. More than a hundred fast food and restaurant chains were also affected by the same malware infections.

In August, three suspects said to be members of the FIN7 hacking and fraud group were charged with the credit card thefts.

Salesforce announced today it’s buying another company built on its platform. This time it’s MapAnything, which as the name implies, helps companies build location-based workflows, something that could come in handy for sales or service calls.

The companies did not reveal the selling price, and Salesforce didn’t have anything to add beyond a brief press release announcing the deal.

“The addition of MapAnything to Salesforce will help the world’s leading brands accurately plan: how many people they need, where to put them, how to make them as productive as possible, how to track what’s being done in real time and what they can learn to improve going forward,” Salesforce wrote in the statement announcing the deal.

It was a logical acquisition on many levels. In addition to being built on the Salesforce platform, the product was sold through the Salesforce AppExchange, and over the years MapAnything has been a Salesforce SI Partner, an ISV Premier Partner, according the company.

“Salesforce’s pending acquisition of MapAnything comes at a critical time for brands. Customer Experience is rapidly overtaking price as the leading reason companies win in the market. Leading companies like MillerCoors, Michelin, Unilever, Synchrony Financial and Mohawk Industries have all seen how location-enabled field sales and service professionals can focus on the right activities against the right customers, improving their productivity, and allowing them to provide value in every interaction,” company co-founder and CEO John Stewart wrote in a blog post announcing the deal.

MapAnything boasts 1900 customers in total, and that is likely to grow substantially once it officially becomes part of the Salesforce family later this year.

MapAnything was founded in 2009, so it’s been around long enough to raise over $84 million, according to Crunchbase. Last year, we covered the company’s $33.1 million Series B round, which was led by Columbus Nova.

At the time of the funding CEO John Stewart told me that his company’s products present location data more logically on a map instead of in a table. ‘“Our Core product helps users (most often field-based sales or service workers) visualize their data on a map, interact with it to drive productivity, and then use geolocation services like our mobile app or complex routing to determine the right cadence to meet them,” Stewart told me last year.

It raised an additional $42.5 million last November. Investors included General Motors Ventures and (unsurprisingly) Salesforce Ventures.

Zoom, a relatively under-the-radar tech unicorn, has defied expectations with its initial public offering. The video conferencing business priced its IPO above its planned range on Wednesday, confirming plans to sell shares of its Nasdaq stock, titled “ZM,” at $36 apiece, CNBC reports.

The company initially planned to price its shares at between $28 and $32 per share, but following big demand for a piece of a profitable tech business, Zoom increased expectations, announcing plans to sell shares at between $33 and $35 apiece.

The offering gives Zoom an initial market cap of roughly $9 billion, or nine times that of its most recent private market valuation.

Zoom plans to sell 9,911,434 shares of Class A common stock in the listing, to bring in about $350 million in new capital.

If you haven’t had the chance to dive into Zoom’s IPO prospectus, here’s a quick run-down of its financials:

• Zoom raised a total of $145 million from venture capitalists before filing to go public
• It posted $330 million in revenue in the year ending January 31, 2019 with a gross profit of $269.5 million
• It more than doubled revenues from 2017 to 2018, ending 2017 with $60.8 million in revenue and 2018 with $151.5 million
• Its losses have shrunk from $14 million in 2017, $8.2 million in 2018 and just $7.5 million in the year ending January 2019

Zoom is backed by Emergence Capital, which owns a 12.2 percent pre-IPO stake; Sequoia Capital (11.1 percent); Digital Mobile Venture, a fund affiliated with former Zoom board member Samuel Chen (8.5 percent); and Bucantini Enterprises Limited (5.9 percent), a fund owned by Chinese billionaire Li Ka-shing.

Zoom will debut on the Nasdaq the same day Pinterest will go public on the NYSE. Pinterest, for its part, has priced its shares above its planned range, per The Wall Street Journal.

There isn’t much left to be done in online networking apps. We are all familiar with professional (LinkedIn), social (Facebook), realtime (Twitter), and dating (Tinder, Bummble etc). But profile photos of the people you’re interacting with only get you so far. And we’ve all known that person who looked smart in the photo and turned out to be not so amazing in real life. Photos don’t communicate a person’s energy, body language or their voice.

An app called Wonderloop hopes to solve this problem, with video profiles, like this one.

It’s now added swiping people, Tinder-style. Left for “later and right for “favorite”. In addition, you can see who’s “Nearby” with a location feature, making it more likely you may even bump into this person. How’s that for making your day more… interesting?

Founder Hanna Aase says Wonderloop is not so much “LinkedIn with video” as much as it is “About.me with video”. Why? Well, because it also has a web-platform, allowing you to share your video profile outside the app, as well as message inside it.

I must admit, it’s fair to say that the impression you get from a person from watching them for 10 seconds on a video is pretty persuasive.

Aase says Wonderloop could end up being your personal “video ID” providing each user with their unique video profile. She says Wonderloop’s aim is to create a search engine out of people on video.

“To see people on video creates trust. Wonderloop’s goal is that every person in the world should have a video identity. We want to help users get seen in this world. You use Wonderloop for the first step of turning a stranger into a potentially cool person in your life,” she added.

She thinks the app will be used by people to make new friends, connect influencers with fans, connect entrepreneurs, connect freelancers and travelers and of course a bit of dating here and there.

She’s also hoping the app will appeal to Millennials and Generation-Z who, as frequent travelers, are often into meeting people “nearby.” “We did research and were surprised to the extent the age group 16-20 wish to find new friends,” she says. For instance, apps like Jodel are used by young people to reach out to chat to complete strangers nearby (although with no names attached).

Right now the app is invite-only, but users can apply inside the app. Aase says: “We hope to do it in stages as the company grows and in a way where users feel the community is a place they feel safe and can share who they are on video. But being invite-only also makes us differentiated to all other services.”

It’s super early-bird season for startuppers of every stripe, meaning it’s time to grab the lowest prices on passes to Disrupt San Francisco 2019, going down on October 2-4 at Moscone North. Check out all the different pass types that fit any level of needs and budgets. Register for your pass now to lock in the lowest price, plus you can pay for your pass in four installments if need be.

Here’s how the buy-now-pay-later installment plan works. Follow the normal process to purchase your pass. When it comes time to pay, select the payment plan option. You pay 25 percent of the pass price (plus fees) now, and then pay off the remaining balance in three equal payments to take place on July 15, August 15 and September 15. Note: Discounted Student, Government or Nonprofit Innovator passes are not eligible for payment installments.

Whether you’re a founder, investor, industry leader, developer or technologist, you can lock in your pass and experience all the excitement and action of Disrupt SF 2019 at super savings. Three program-packed days feature hands-on workshops, product demonstrations, top-notch speakers, moderated Q&A sessions and world-class networking — for starters.

Don’t miss Startup Battlefield, TechCrunch’s famous pitch competition — and who can resist the hundreds of innovative startups exhibiting in Startup Alley? It’s a breeding ground of opportunity.

There’s still time to apply to compete in Startup Battlefield — or to be selected as a TC Top Pick and exhibit in Startup Alley for free. It doesn’t cost a thing to apply or participate, so fill out this application to be considered for both of TechCrunch’s VIP early-stage startup programs.

Disrupt SF 2019 takes place on October 2-4. Be kind to your bottom line and buy your pass at the lowest price, spread your payments over four months and enjoy your Disrupt experience knowing you got the best ROI possible. Can’t wait to see you in October!

Is your company interested in sponsoring or exhibiting at Disrupt SF? Click here

The FCC has proposed to deny an application from China Mobile, a state-owned telecom, to provide interconnect and mobile services here in the U.S., citing security concerns. It’s another setback to the country’s attempts to take part in key portions of American telecommunications.

China Mobile was essentially asking to put call and data interconnection infrastructure here in the U.S.; It would have come into play when U.S. providers needed to connect to Chinese ones. Right now the infrastructure is generally in China, an FCC spokesperson explained on a press call.

In a draft order that will be made public tomorrow and voted on in May, FCC Chairman Ajit Pai moves to deny the application, which has been pending since 2011. Such applications by foreign-owned entities to build and maintain critical infrastructure like this in the U.S. have to pass through the Executive, which only last year issued word that it advised against the deal.

In the last few months, the teams at the FCC have reviewed the record and came to the conclusion that, as Chairman Ajit Pai put it:

It is clear that China Mobile’s application to provide telecommunications services in our country raises substantial and serious national security and law enforcement risks. Therefore, I do not believe that approving it would be in the public interest.

National security issues are of course inevitable whenever a foreign-owned company wants to be involved with major infrastructure work in the U.S., and often this can be taken care of with a mitigation agreement. This would be something like an official understanding between the relevant parties that, for instance, law enforcement in the U.S. would have access to data handled by the, say, German-owned equipment, and German authorities would alert U.S. about stuff it finds, that sort of thing.

But that presupposes a level of basic trust that’s absent in the case of a company owned (indirectly but fully) by the Chinese government, the FCC representative explained. It’s a similar objection to that leveled at Huawei, which given its close ties to the Chinese government, the feds have indicated they won’t be contracting with the company for infrastructure work going forward.

The denial of China Mobile’s application on these grounds is apparently without precedent, Pai wrote in a separate note: “Notably, this is the first time the Executive Branch has ever recommended that the FCC deny an application due to national security concerns.”

It’s likely to further strain relations between our two countries, though the news likely comes as no surprise to China Mobile, which probably gave up hope some time around the third or fourth year its application was stuck in a bureaucratic black hole.

The draft order will be published tomorrow, and will contain the evidence and reasoning behind the proposal. It will be voted on at the FCC open meeting on May 9.

Shared electric scooters are close to overtaking bike-sharing, according to the National Association of City Transportation Officials. In 2018, of the 84 million micromobility trips taken, 38.5 million of those were on scooters.

The other 45.5 million trips were on bikes — either ones from station-based bike-shares or dockless shared bikes. Rides on station-based bikes accounted for 36.5 million trips, an increase of nine percent from 2017. Compared to the year prior, more than twice as many trips were taken on micromobility services.

“Managing the many new shared vehicle types on city streets is a challenge,” NACTO Director of Strategy Kate Fillin-Yeh said in a statement. “The data cities receive from vendors can be spotty, complicating efforts to regulate systems or make good policies. Much of the equipment is new and largely untested at scale, and the market is changing rapidly, with an uncertain financial outlook. The most successful shared micromobility systems have been planned hand-in-hand with cities, and we’re excited to help cities create and support transportation options that shift more trips to sustainable, safe modes.”

While station-based bikes saw more usage than the year before, NACTO says electric scooters have likely been the driving factor for the decrease in usage of dockless bikes. Dockless bikes “have largely disappeared from city streets, with the notable exception of dockless bikes still in use in Seattle,” Nacto writes. That’s partly why NACTO predicts dockless bike rides will continue to decrease in 2019.

That’s great news for Lyft, which acquired CitiBike and Ford GoBike provider Motivate last year. That’s not great of news for Uber, which acquired dockless bike-share startup JUMP early last year.

Coinbase is currently only available in 32 countries around the world — mostly in North America, Europe, Australia and Singapore. Today, the company is aggressively expanding by opening 11 countries at once in Latin America and South East Asia. But there’s a trick — there’s no crypto-to-fiat conversions.

Coinbase competitor Binance has taken the crypto world by storm by focusing on crypto-to-crypto conversions. You can only fund and withdraw cryptocurrencies from your Binance account. And if you want to buy some crypto assets, you need to convert crypto assets you already own. For instance, if you want to buy Litecoin, you need to convert Ethereum into Litecoin.

That strategy has paid off as it is much easier to start accepting customers in new countries if you don’t need to connect the exchange with the traditional banking infrastructure.

So Coinbase is doing the same thing and opening crypto-to-crypto conversions and trading in Argentina, Mexico, Peru, Colombia, Chile, India, Hong Kong, South Korea, Indonesia, the Philippines and New Zealand.

Eventually, the company could add crypto-to-fiat conversions in some of those new markets. “We may add fiat to crypto support depending on the different demands and requirements of each of the countries,” a Coinbase spokesperson told me.

Both Coinbase and Coinbase Pro are now available in those new countries. Coinbase also says that crypto-to-crypto transactions now represent the majority of trades on Coinbase.

This is also a great way to get started with cryptocurrencies. If somebody wants to send you some Bitcoin, you can start accepting payments on your Coinbase account. This could be interesting for cross-border payments in particular.

Coinbase supports a stablecoin called USDC. This crypto asset is directly indexed on the value of USD. So if you think the cryptocurrency market is going down, you can convert your assets into USDC to make sure the value of your assets won’t fluctuate too much. But USDC might not be available from day one in today’s new markets.

“USDC is available in most of the recently supported countries through Coinbase Pro. As we continue to receive feedback from our customers, we’ll support USDC in more markets and platforms based on what will offer them the best trading experience,” a Coinbase spokesperson told me.

Disclosure: I own small amounts of various cryptocurrencies.

Investors have forked over $33 million in a new round of funding for Redox, hoping that the company can execute on its bid to serve as the link between healthcare providers and the technology companies bringing new digital services to market.

The financing comes just two months after Redox sealed a deal with Microsoft to act as the integration partner connecting Microsoft’s Teams product to electronic health records through the Fast Healthcare Interoperability Resources standard.

Redox sits at a critically important crossroads in the modern healthcare industry. It’s founder, a former employee at the electronic health record software provider Epic, knows more than most about the central position that data occupies in U.S. healthcare at the moment.

“What we’re doing we’re building the platform and connector to help health systems integrate with technologies in the cloud,” says chief executive, Luke Bonney. 

Bonney served as a team lead in various divisions at Epic before launching Redox and the Madison, Wis.-based company was crafted with the challenges other vendors faced when trying to integrate with legacy systems like the health record provider.

“The fundamental problem is helping a large health system use a third party tool that they want to use,” says Bonney. And the biggest obstacle is finding a way to organize the data coming from healthcare providers into a format that application developers can work with, he said. 

Investors including RRE Ventures, Intermountain Ventures, .406 Ventures joined new investor Battery Ventures in financing the $33 million round. As part of the deal, Battery Ventures general partner Chelsea Stoner will take a seat on the company’s board.

Application developers pay for the number of integrations they have with a health system, and Redox enables them to connect through a standard application programming interface, according to the company. 

Its approach allows secure messaging across any format associated with an organization’s electronic health record (EHR), the company said. 

Redox works with over 450 healthcare providers and hundreds of application developers, the company said.

High profile healthcare networks that work with the company include AdventHealth, Atrium Health, Brigham & Women’s, Clarify Health, Cleveland Clinic, Geisinger, HCA, Healthgrades, Intermountain Healthcare, Invitae, Fitbit, Memorial Sloan Kettering, Microsoft, Ochsner, OSF HealthCare, PointClickCare, R1, ResMed, Stryker, UCSF, University of Pennsylvania, and WellStar.

With air quality not improving any time soon (hello pollution!) respiratory conditions are on the rise. This has created an opportunity for startups to employ smartphones to monitor respiratory diseases with apps and smart devices.

ResApp’s smartphone app, called ResAppDx, diagnoses a wide range of respiratory illnesses accurately by using cough sounds. Healthymize listens for signals of COPD (chronic obstructive pulmonary disease) when you make calls.

NuvoAir is a new digital therapeutics startup which is also tackling this problem. It’s now closed a financing round of $3M led by venture capital firm Industrifonden, one of the largest life science and tech investors in the Nordics. The round also saw participation from existing investor Investment AB Spiltan.

Aria, NuvoAir’s digital therapeutics software, sends a patient personalized care suggestions based their condition.

NuvoAir aims to make respiratory diseases measurable and more treatable. Established in 2015, NuvoAir launched a smartphone-connected “spirometer”, making real-time lung function assessment possible at home. It’s now collected over 500,000 spirometry tests in the last three years. These tests power its machine learning algorithms to provide insights to patients, their physicians and pharma companies.

Lorenzo Consoli CEO of NuvoAir. “This investment and partnership can significantly advance our focus on digital therapeutics and bring to market new smart devices to help patients manage their condition while improving physicians’ clinical decisions”.