Techcrunch
Apple's 'Hide My Email' Vulnerability Exposes User Email Addresses
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A significant vulnerability in Apple's 'Hide My Email' feature allows attackers to uncover users' real email addresses behind generated aliases. Discovered by Tyler Murphy of EasyOptOuts, the flaw was reported to Apple in June 2025 but remains unpatched as of July 2026. Independent testing confirmed that 100% of tested aliases were exploitable, raising serious privacy concerns for users relying on this feature. Apple acknowledged the issue and claimed to have addressed it in March 2026, but subsequent tests revealed that the vulnerability persists. Additionally, Apple plans to change the domain of these aliases from @icloud.com to @private.icloud.com, which may further hinder the feature's effectiveness. Users are advised to consider alternative privacy options while Apple investigates the issue.
Key Points: • A vulnerability in Apple's 'Hide My Email' feature exposes real email addresses. • The flaw was reported over a year ago but remains unpatched as of July 2026. • Apple plans to change the alias domain, potentially making the feature less effective.