Apple Hide My Email Bug Exposes Users' Real Email Addresses
Hide My Email is used by iCloud+ subscribers to keep a real address off signup forms, newsletters
A vulnerability in Apple's Hide My Email feature can unmask the real inbox behind any alias in a matter of minutes, according to a security researcher who says Apple has known about the flaw for more than a year without fixing it.
Tyler Murphy, co-founder of the data-removal service EasyOptOuts, reported the issue to Apple on June 11, 2025, along with steps to reproduce it. To confirm the flaw was still live, 404 Media generated a fresh Hide My Email alias and handed it to Murphy, who traced it back to the outlet's real address within about five minutes.
In separate tests run with volunteers, Murphy said every single Hide My Email address tried, 100%, turned out to be exploitable.
Communications Murphy shared with 404 Media show Apple acknowledged the report within a month and called it "under investigation". In March, the company told him the issue had been "addressed in a recent system change", but Murphy found it hadn't been.
In May, the company said once more that the issue was under investigation and asked him to refrain from disclosing details of the bug publicly. Murphy proposed that Apple at least temporarily halt the creation of new Hide My Email addresses, but nothing like this seems to have occurred.
The company has stated that it hopes a solution will be forthcoming "in the coming weeks", but no patch has been released yet.
iCloud+ users rely on Hide My Email to keep their actual email address off signup pages, newsletters, and other online services that they do not wish to associate with their real identity. Once an alias has been decoded, Murphy explains, the information becomes freely available through people-search websites, which link the real email to a person's name, location, or phone number.
According to recent reports by Apple, the company is planning to combine Hide My Email and Sign in with Apple relay addresses.