Security Roundup: Apple’s Hide My Email Service Fails to Hide Your Email

Security Roundup: Apple’s Hide My Email Service Fails to Hide Your Email

Security Roundup: Apple’s Hide My Email Service Fails to Hide Your Email

https://www.wired.com/story/security-roundup-apples-hide-my-email-service-fails-to-hide-your-email/

Publish Date: 2026-07-04 06:30:00

Source Domain: www.wired.com

A politician on the European Parliament’s PEGA Committee—created to investigate spyware abuses, including of the notorious Pegasus malware—was targeted with Pegasus himself, according to new research findings released this week. Meanwhile, top Google security staff warned this week that the pro-competition rule proposals in the EU could make Google Search and Android systems vulnerable to hacking and other abuse.

A WIRED investigation revealed this week that Meta contractors posed as kids and teens to see how chatbots like Gemini and ChatGPT responded to prompts about high-risk subjects, including suicide, sex and drugs.

And a researcher realized that he could use Anthropic’s Claude Opus 4.7 to break into the website of Front Gate and issue tickets to almost any United States music festival, including Lollapalooza and Bonnaroo.

But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Back in 2021, Apple launched its Hide My Email tool, which as the name suggests, allows people to sign-up for online services using an email address that isn’t linked directly to them. The privacy feature generates “unique, random email addresses” that will forward incoming messages to a user’s personal email address—reducing the amount of information you need to hand over to companies.

Reporting from 404 Media this week revealed that a vulnerability in the system has made it possible, for at least a year, for people’s real email addresses to be uncovered when they are using Apple’s privacy service. “Apple Hide My Email is leaking email addresses that are supposed to be hidden,” security researcher Tyler Murphy, who discovered the flaw in June 2025, told the publication. “In our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” he said.

The exact details of the vulnerability and how it works have…

Source