Sixcolors
Apple's 'Hide My Email' Feature Exposes Real Email Addresses Due to Vulnerability
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A significant vulnerability in Apple's 'Hide My Email' feature allows attackers to uncover users' real email addresses, despite the feature's intent to protect privacy. Discovered by Tyler Murphy of EasyOptOuts, the flaw was reported to Apple in June 2025, but the company has failed to resolve it over a year later. Testing revealed that 100% of Hide My Email addresses were exploitable. Apple acknowledged the issue and claimed to have addressed it in March 2026, but the vulnerability persisted. The feature is part of the iCloud+ service, which generates unique email addresses to shield users from spam and data breaches. As of July 1, 2026, the vulnerability remains unpatched, prompting concerns for users relying on this privacy feature.
Key Points: • A vulnerability in Apple's 'Hide My Email' feature exposes real email addresses. • The issue was reported to Apple in June 2025 but remains unresolved over a year later. • Testing showed that 100% of Hide My Email addresses were exploitable.