- Apple Hide My Email can reveal a user’s authentic email address
- The bug puts users at risk of identification, experts warned
- It has been unpatched for over a year
A bug in Apple’s ‘Hide My Email’ feature allows anyone with knowledge of the vulnerability to identify the real email address hidden behind the anonymous one.
The bug was discovered by EasyOptOuts co-founder, Tyler Murphy, who shared the exploit with 404 Media after notifying Apple multiple times that the feature could be actively exploited.
“We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer,” Murphy said.
Hide My Email can be actively exploited
As the bug still hasn’t been patched, the details of how the exploit works have not been shared.
Apple’s Hide My Email feature was designed to anonymize email addresses, helping to prevent a user’s real email address from being leaked in a data breach, or to prevent a user’s email address from being linked to them personally in a way that could reveal their identity.
Therein lies the crux of the issue. By exploiting the bug to identify the real email address, a malicious actor could uncover the real identity behind the anonymized address.
“Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” Murphy said. “We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable.”
Users concerned about being identified via people-search sites can use a data removal service to have their data scrubbed from these sites, but the process can take a few days.
The issue was first reported to Apple by Murphy in June 2025, with Apple replying a month later that it was looking into the cause of the issue. Earlier this year, in March, Apple said that it had “addressed the reported issue in a recent system change,” but Murphy found that the bug could still be exploited.
Again, Murphy notified Apple, who replied in May 2026, stating, “We are still investigating this issue. To avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us to maintain and improve the security of our products.”
Later in the same month, Apple said a fix was “expected in the coming weeks.”
benedict.collins@futurenet.com (Benedict Collins)




