Scoopfeeds — Intelligent news, curated.
Apple Hide My Email Vulnerability Exposes Real Email Addresses
tech

Apple Hide My Email Vulnerability Exposes Real Email Addresses

MacRumors · Jul 1, 2026, 1:20 PM · Also reported by 1 other source

A flaw in Apple's Hide My Email service can reportedly allow almost anyone to uncover the real email address behind a generated alias, and Apple has failed to address it for more than a year since it was first reported. 404 Media is withholding the technical specifics of the vulnerability because it remains exploitable, but the publication verified the issue this week using one of its own Hide My Email addresses. In tests with volunteers by the researcher who discovered the flaw, 100% of Hide My Email addresses were found to be exploitable. Tyler Murphy, co-founder of EasyOptOuts, discovered the issue and responsibly reported it to Apple in June 2025, along with instructions to replicate it. Apple acknowledged the report a month later and said it was investigating. Murphy said: Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses. Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk. In March 2026, Apple told Murphy it had "addressed the reported issue in a recent system change," but Murphy found the flaw had not in fact been closed. He provided further information, and Apple replied again to say it was still investigating. In May, Apple once more said the issue remained under investigation and asked Murphy not to disclose it publicly until the inquiry was complete. Murphy proposed that Apple suspend the creation of new Hide My Email addresses as an interim measure to limit customer risk, but there is no indication that suggestion was acted on. By the end of May, Apple said it expected to address the issue in a security update "expected in the com

Article preview — originally published by MacRumors. Full story at the source.
Read full story on MacRumors → More top stories

Also covered by

Aggregated and edited by the Scoop newsroom. We surface news from MacRumors alongside other reporting so you can compare coverage in one place. Editorial policy · Corrections · About Scoop