Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/Apple Hide My Email Flaw Exposed Real User Email Addresses
CyberSecurity News

Apple Hide My Email Flaw Exposed Real User Email Addresses

Key Takeaways A critical vulnerability in Apple’s “Hide My Email” feature allows real user email addresses to be exposed. The flaw affects iCloud+ users who rely on the service for...

Jennifer sherman
Jennifer sherman
July 1, 2026 3 Min Read
4 0

Key Takeaways

  • A critical vulnerability in Apple’s “Hide My Email” feature allows real user email addresses to be exposed.
  • The flaw affects iCloud+ users who rely on the service for privacy and anonymity.
  • Discovered over a year ago by security researcher Tyler Murphy, the vulnerability remains unpatched.
  • Exploitation is possible with limited technical skill, undermining user privacy and increasing risks of targeted attacks.

Apple’s “Hide My Email” feature, a cornerstone of its iCloud+ privacy offerings, is currently compromised by an unpatched vulnerability. This flaw permits malicious actors to uncover the genuine email address behind an anonymized alias, a discovery validated by security researcher Tyler Murphy and independently confirmed by 404 Media.

Table Of Content

  • Key Takeaways
  • Apple ‘Hide My Email’ Vulnerability
  • What You Should Do

Designed to safeguard user privacy, Apple’s Hide My Email generates unique, relay email addresses. These aliases are intended to shield a user’s primary inbox when signing up for services or registering for applications, preventing direct exposure of their personal email.

According to Murphy, co-founder of EasyOptOuts, a critical defect within this mechanism allows individuals with even modest technical expertise to ascertain the underlying real email address that should remain confidential.

Apple ‘Hide My Email’ Vulnerability

404 Media corroborated the existence of this issue, successfully testing it against one of its own hidden addresses. The publication confirmed the vulnerability remained exploitable as of Monday, more than a year after it was initially reported to Apple.

EasyOptOuts initially identified the vulnerability and provided Apple with comprehensive reproduction instructions over a year ago, adhering to established responsible disclosure protocols. Despite this, Apple has not deployed a patch or communicated any mitigation strategies to affected users, leaving the weakness active within its production services.

Given the continued exploitability of the bug, 404 Media and Murphy have opted for a partial disclosure. This approach aims to alert the public to the danger while withholding precise exploitation steps to prevent widespread, trivial abuse.

Hide My Email is a widely adopted feature, particularly by privacy-conscious individuals who depend on Apple’s ecosystem to segregate identities across various online services, thereby reducing tracking and unsolicited spam.

This vulnerability critically undermines the trust boundary established by the feature. It transforms supposedly opaque aliases into weak pseudonyms that can be traced back to the user’s actual mailbox. This significantly elevates the risk of targeted phishing campaigns, spam correlation, and the deanonymization of accounts linked to sensitive activities.

Since exploiting this flaw does not demand elevated privileges or insider access, the threat landscape extends to common attackers who can systematically enumerate or probe Hide My Email addresses.

“We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer,” Murphy informed 404 Media. He emphasized that Hide My Email users “deserve to know that it may be possible for attackers to discover their hidden email addresses.”

This situation underscores a growing conflict between vendor silence and the necessity for transparent, actionable information regarding consumer privacy tools. Until Apple rectifies this flaw, journalists, activists, and other high-risk users should consider Hide My Email aliases as potentially linkable to their genuine email identities and adjust their operational security practices accordingly.

What You Should Do

  • Assume any “Hide My Email” aliases you use could be linked to your real email address.
  • Exercise extreme caution with emails received via Hide My Email aliases, especially if they contain suspicious links or attachments.
  • Consider using alternative, more robust email anonymization services if your threat model requires absolute privacy.
  • Stay informed about official communications from Apple regarding a patch or mitigation for this vulnerability.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackExploitPatchphishingSecurityThreatVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical Fluentd Vulnerabilities Allow Remote Code Execution

Next Post

Reduce Alert Fatigue to Improve SOC Efficiency and Cut Business Costs

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us