Security report: Apple’s Hide My Email service fails to hide your email


Political on The European Parliament’s PEGA Committee – which was set up to investigate spyware abuses, including the notorious Pegasus malware –He was targeted along with Pegasus himselfaccording to new research findings released this week. Meanwhile, Google’s senior security staff warned this week that the pro-competition base Proposals in the European Union could leave Google and Android’s search systems vulnerable For hacking and other abuse.

A WIRED investigation this week revealed that Meta contractors They were asked as children and teenagers to see how chatbots work Companies like Gemini and ChatGPT have responded to prompts related to high-risk topics, including suicide, sex, and drugs.

One researcher realized that he could use Anthropic’s Claude Opus 4.7 to break into the Front Gate website and… Issuing tickets to almost any music festival in the United Statesincluding Lollapalooza and Bonnaroo.

But wait, there’s more! Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Back in 2021, Apple launched its phone Hide my email toolwhich, as the name suggests, allows people to register for online services using an email address that is not directly associated with them. The privacy feature creates “random, unique email addresses” that redirect incoming messages to the user’s personal email address, reducing the amount of information they need to hand over to companies.

Report from 404 media this week Apple revealed that a security vulnerability in the system made it possible, for at least a year, to reveal people’s real email addresses when they used Apple’s privacy service. “Apple Hide My Email leaks email addresses that are supposed to be hidden,” security researcher Tyler Murphy, who discovered the flaw in June 2025, told the publication. “In our limited tests with volunteers, the percentage of email addresses hidden was 100% exploitable,” he said.

The exact details of the vulnerability and how it works have not been revealed as the issue has not been resolved. In tests conducted by 404 Media and Murphy, a newly created Hide My Email address, which used the @icloud.com domain, was able to be linked back to its creator’s real email address. Murphy said he reported the issue to Apple last summer, and was told it had been “addressed” by March of this year. However, when the researcher continued testing the issue, it remained exploitable, with Apple telling Murphy two months ago that it was still investigating the issue. Apple did not respond to requests for comment from the publication.

A nineteen-year-old has been arrested and extradited to the United States to face charges over his alleged involvement in the notorious Scattered Spider hacking group, affiliated with the Department of Justice. Announced this week. Peter Stokes, a dual Estonian-American citizen, was arrested in Finland in April and charged with computer hacking, conspiracy and fraud linked to the criminal ring.

that it The alleged one That Stokes, along with other members of the hacking collective, hacked an unnamed “luxury jewelry retailer” and demanded a ransom of $8 million in cryptocurrency in May 2025. The company did not pay but still spent $2 million on the incident, according to the Department of Justice. press release. In recent years, a scattered spider population has emerged, which is largely believed to be the case Composed of young English-speaking adolescentscaused chaos around the world by hacking and disrupting dozens of companies. Stokes’ arrest comes on the heels of two British members of Scattered Spider, Thala Jabeer and Owen Flowers, recently… Admitting guilty to hack Transport for London in 2024 and cause millions in damage.

After a step by encrypted messaging app signal Last year, WhatsApp announced that it would be rolling out soon Usernames of billions of people. This option means that it is possible for people to call and message each other without having to share phone numbers, further protecting privacy. However, officials in India, one of WhatsApp’s largest markets, have tried this previously Unfold Cryptographic protection on the Meta-owned app opposed the introduction of usernames. Message from the Indian government, Viewed by Reutersasked WhatsApp to temporarily stop rolling out usernames in the country. The letter claimed that the move could increase fraud and cybercrime, citing concerns about allowing anonymity online. The message was followed Separate messages To Signal and Telegram regarding their use of usernames.

Thousands of Automatic license plate reader camerasknown as ALPRs, have been popping up across the United States over the past few years. The cameras, which can be deployed by police, cities and companies, photograph passing cars and record details about their movements. In addition to license plate numbers, the systems can record the time and location of photos and the make and model of the vehicle, As well as bumper stickers. Billions of images and details of vehicle movements are captured in ALPR’s extensive databases.

However, a growing body of evidence shows that when camera systems make mistakes, innocent people can be detained by law enforcement officials and charged with crimes. A review of court records and media reports, which is likely the tip of the iceberg, was conducted by the nonprofit Institute for Justice Found this week At least 24 cases of mistaken identity over the past eight years. These reportedly include a couple with a child in their car who were held at gunpoint; A camera misreads the letter ‘O’ as ‘0’, leading to the grandparents being detained; A person is stopped after his license plate is not removed from the wanted list. The results add up to a A growing list of errors from Cameras that support artificial intelligence.

Leave a Reply

Your email address will not be published. Required fields are marked *