Home / Lifestyle / Apple’s ‘Hide My Email’ may have been accidentally revealing your email for over a year

Apple’s ‘Hide My Email’ may have been accidentally revealing your email for over a year


By Raymond Saw July 2, 2026

A vulnerability in Apple’s Hide My Email feature meant that attackers could’ve exploited it to uncover users’ real email addresses, undermining one of the key privacy tools offered under Apple’s paid subscription services.

According to 404 Media, a security researcher known as Tyler Murphy of EasyOptOuts first reported the flaw to Apple in June 2025 after finding that email relay addresses generated through iCloud+ could, in some cases, be linked back to a user’s actual Apple account email.

404 Media later did their own tests which confirmed that the issue was still exploitable, prompting the publication to withhold technical details to prevent misuse. The issue has reportedly remained unresolved for over a year, despite being disclosed to Apple and independently verified in testing.

Hide My Email is designed to let users generate random, unique forwarding addresses that mask their real inbox when signing up for apps or websites. It is widely used to reduce spam, limit data tracking, and reduce the risk of exposure during third-party data breaches.

Murphy said that in limited testing, all Hide My Email addresses provided by volunteers appeared to be vulnerable, and that he was able to retrieve a real Apple account email within minutes of receiving a relay address. He also said Apple acknowledged the issue multiple times over the past year and indicated it was working on a fix, but the vulnerability has persisted.

Apple themselves for what it’s worth has not publicly detailed the flaw or confirmed when a fix will be released. The Cupertino giant had only previously told Murphy in May this year that they were still looking into it, and that a security update would fix it in ‘the coming weeks’.

Source

Read more of our articles below!