Saturday, 4 July 2026
Rīga TV

World and Latvian news in one place

TechnologyPublished: 4 July 2026 at 13:36

Apple's Hide My Email Service Fails to Hide Your Email, Vulnerability Found

Security researcher Tyler Murphy discovered that Apple's Hide My Email service leaks users' real email addresses. The flaw has existed for at least a year and remains unpatched.

Foto: Wired

A security researcher has found that Apple's Hide My Email service, designed to protect user privacy by generating random email addresses, actually leaks users' real email addresses. Tyler Murphy reported the flaw to Apple in June 2025. In tests with volunteers, all Hide My Email addresses were exploitable, linking newly created @icloud.com addresses back to their creators' real emails. Apple told Murphy in March that the issue had been addressed, but subsequent tests showed it was still exploitable. Apple said it was investigating but did not respond to requests for comment.

Other Security News

A member of the European Parliament's PEGA committee, created to investigate spyware abuses including Pegasus, was himself targeted with Pegasus, according to new research. Meanwhile, top Google security staff warned that EU pro-competition rule proposals could make Google Search and Android vulnerable to hacking.

A WIRED investigation revealed that Meta contractors posed as kids and teens to test how chatbots like Gemini and ChatGPT responded to high-risk topics such as suicide, sex, and drugs. Separately, a researcher used Anthropic's Claude Opus 4.7 to break into Front Gate's website and issue tickets to nearly any US music festival, including Lollapalooza and Bonnaroo.

The US Department of Justice announced the extradition of 19-year-old Peter Stokes, an Estonian-US dual citizen, for his alleged involvement in the Scattered Spider hacking group. Stokes is charged with computer intrusion, conspiracy, and fraud linked to a May 2025 hack of a luxury jewelry retailer demanding an $8 million cryptocurrency ransom. The company did not pay but incurred $2 million in costs.

India's government has asked WhatsApp to pause its rollout of usernames, claiming it could increase fraud and cybercrime. Similar queries were sent to Signal and Telegram.

Thousands of automatic license plate reader (ALPR) cameras across the US are causing innocent people to be stopped by police due to misidentification. The Institute for Justice found at least 24 cases of misidentification in eight years, including grandparents detained after a camera misread an 'O' as a '0'.

Comments

0/1500

Comments are automatically moderated. No hate, threats, personal data or spam.

Loading comments…

More in this category