Archives

Written by Zack Whittaker

Particle lays off 10% staff and co-founder departs after ‘turbulent period’

San Francisco-based startup Particle was one of the rising stars in the Internet of Things space, raising more than $81 million to date on the promise of helping to manage and secure the next-generation of connected devices.

But the company is only now emerging from what it’s co-founder and chief executive Zach Supalla called a “turbulent period,” prompting layoffs and cost-cutting to help stay afloat, TechCrunch has learned.

Founded in 2012, Particle snagged $40 million in its Series C fundraise last October from big industrial investors including Qualcomm Ventures and Energy Impact Partners, signaling strong support for the company’s mission. The startup pitches its flagship platform as an all-in-one solution to manage and secure IoT devices with encryption and security, but also scalability and data autonomy.

But a recent email sent by Supalla to his staff — obtained by TechCrunch — shows the company is course-correcting after a recent revenue miss.

The email, which the company confirmed was sent by the chief executive, said Particle laid off 14 staff earlier this month, representing about 10% of the company. The layoffs of both engineering and support staff came just weeks after co-founder and chief technology officer Zachary Crockett quietly departed the company for “unrelated” reasons, said Supalla. (Crockett did not respond to a request for comment.)

According to Supalla’s email to staff, Particle’s revenue goal in 2019 was $16 million but it ended the year with $10.3 million. Supalla cited, among other things, “operational challenges” with the business that he said kept the company “from executing as well as we could.”

Supalla said that the company still has a “flush” bank account with more than $30 million in the bank, but the company’s current burn rate of $2 million per month is “uncomfortably high.”

“We would only have until early 2021 to prepare for the next stage of financing the company,” he said.

The email added that the company is bringing on $10 million in venture debt, but Supalla told TechCrunch that the deal is “still in progress.” Particle is aiming to reduce its burn rate to about $1.6 million per month, which Supalla’s email said would be achievable with the recent layoffs but also reducing discretionary budgets, including marketing.

The cost-cutting will “put us in a position of financial strength,” the email said, adding that the company has “no intentions” of further layoffs.

Although the 14 staff have been given severance, one source said that some are still waiting for the payouts — some two weeks after the announcement — which Supalla confirmed in an email. TechCrunch also learned that former staff were asked to sign non-disclosure agreements. Supalla told TechCrunch that these agreements come with non-disparagement clauses, but that anyone laid off that wanted to be released from the non-disparagement terms would be.

Supalla’s email is hardly the death knell for the company, but questions remain about its revenue targets and its efforts to reduce its monthly burn rate. The chief executive’s email said, candidly, that while layoffs can signal financial duress, they’re all too often made too late and “as a last resort.”

“That’s not what’s happening here,” said Supalla. “We have plenty of money in the bank and are making prudent cuts to strengthen the business.”


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849.

A security mishap left Remine wide open to hackers

Security is all too often focused on keeping hackers out and breaches at bay. But in the case of Remine, a real estate intelligence startup, it left its doors wide open for anyone to run rampant.

Remine is a little-known but major player in the real estate analytics and intelligence market. It works by collecting and mining vast amounts of real estate data — from public listings to privately obtained data from brokers and real estate agents from across the United States. The company, which last year raised $30 million in its Series A to help expand its real estate data and intelligence platform, claims it has data “on 150 million properties across all 50 states.”

But that data was only a few clicks away from being easily accessible, thanks to a misconfigured system.

The misconfiguration was found in Remine’s development environment, which although protected by a password, let anyone outside the company register an account to log in.

Thinking it was a secure space, Remine’s developers shared private keys, secrets and other passwords, which if exploited by a malicious hacker would have allowed access to the company’s Amazon Web Services storage servers, databases and also the company’s private Slack workspace.

Mossab Hussein, a security researcher at Dubai-based cybersecurity firm SpiderSilk, found the exposed system and reported the findings to TechCruch so we could inform the company of the security lapse.

The exposed private keys, he said, allowed for full access to the company’s storage servers, containing more than a decade’s worth of documents — including title deeds, rent agreements and addresses of customers or sellers, he said.

One of the documents seen by TechCrunch showed personal information, including names, home addresses and other personally identifiable information belonging to a rental tenant.

After TechCrunch reached out, Remine co-founder and chief operating officer Jonathan Spinetto confirmed the security lapse and that its private keys and secrets have been replaced. Spinetto also said it has notified customers with a letter, seen by TechCrunch. And, the company has retained cybersecurity firm Crypsis to handle the investigation, and that the company will “assess and comply” with applicable data breach notification laws based on the findings of the investigation.

Remine escaped bruised rather than breached, a lesson to all companies, large and small, that even the smallest bug can be enough to wreak havoc.

Read more:


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849.

Firefox to enable DNS-over-HTTPS by default to US users

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed.

It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private.

Whenever you visit a website — even if it’s HTTPS enabled — the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can’t be intercepted or hijacked in order to send a user to a malicious site.

These unencrypted DNS queries can also be used to snoop on which websites a user visits.

DoH works at the app-level, and is baked into Firefox. The feature relies on sending DNS queries to third-party providers — such as Cloudflare and NextDNS — both of which will have their DoH offering baked into Firefox and will process DoH queries.

But the move is not without controversy. Last year, an internet industry group branded Mozilla an “internet villain” for pressing ahead the security feature. The trade group claimed it would make it harder to spot terrorist materials and child abuse imagery. But even some in the security community are split, amid warnings that it could make incident response and malware detection more difficult.

The move to enable DoH by default will no doubt face resistance, but browser makers have argued it’s not a technology that browser makers have shied away from. Firefox became the first browser to implement DoH — with others, like Chrome, Edge, and Opera — quickly following suit.

Firefox said users outside of the U.S. can also enable DoH, just as users inside the U.S. can choose to disable it. Mozilla also said it plans to expand to other DoH providers and regions.