Apple's 'Hide My Email' Feature Exposes Real Email Addresses Due to Vulnerability

Apple's 'Hide My Email' Feature Exposes Real Email Addresses Due to Vulnerability

First seen 1 Jul 2026, 15:46 UTC News.YcombinatorMacrumorsSixcolorsCybernewsDaringfireball+2 91% similarity 66.0
Share:

Article Content

Browse articles
ThreatCluster

A significant vulnerability in Apple's 'Hide My Email' feature allows attackers to uncover users' real email addresses, despite the feature's intent to protect privacy. Discovered by Tyler Murphy of EasyOptOuts, the flaw was reported to Apple in June 2025, but the company has failed to resolve it over a year later. Testing revealed that 100% of Hide My Email addresses were exploitable. Apple acknowledged the issue and claimed to have addressed it in March 2026, but the vulnerability persisted. The feature is part of the iCloud+ service, which generates unique email addresses to shield users from spam and data breaches. As of July 1, 2026, the vulnerability remains unpatched, prompting concerns for users relying on this privacy feature.

Key Points: • A vulnerability in Apple's 'Hide My Email' feature exposes real email addresses. • The issue was reported to Apple in June 2025 but remains unresolved over a year later. • Testing showed that 100% of Hide My Email addresses were exploitable.

ThreatCluster AI

Timeline

2025-06-01
Vulnerability reported to Apple
Tyler Murphy of EasyOptOuts reported the flaw in Hide My Email to Apple, providing replication instructions.
Mashable
2026-03-01
Apple claims to have addressed the issue
Apple announced it had addressed the reported vulnerability in a system change, but it remained unpatched.
Macrumors
2026-05-01
Apple continues investigation
Apple informed Murphy that the issue was still under investigation and requested not to disclose it publicly.
Cybernews
2026-07-01
Vulnerability publicly disclosed
404 Media and EasyOptOuts publicly disclose the vulnerability after confirming its existence and severity.
Daringfireball

Community

Browse all →