Apple's 'Hide My Email' Reportedly Exposes Your Real Email Address

TL;DR

A vulnerability in Apple’s ‘Hide My Email’ feature allows bad actors to uncover users’ real email addresses through publicly accessible search sites. Apple has known about the issue since June 2025 and is reportedly working on a fix, but the flaw remains unpatched as of July 2026.

Apple’s ‘Hide My Email’ feature has a security vulnerability that can expose users’ real email addresses to malicious actors. Despite Apple’s claims of investigating and patching the flaw, the vulnerability remains unpatched as of July 2026, raising concerns about user privacy and security.

According to reports from 404 Media, a security flaw in Apple’s ‘Hide My Email’ allows bad actors to discover the actual email addresses behind generated aliases. The vulnerability exploits publicly accessible people-search sites, enabling anyone to input an alias and retrieve the real email address linked to it. Tests conducted by Lifehacker confirm that, in multiple instances, the exploit successfully revealed the true email address within minutes.

Apple has been aware of this issue since June 2025, with the company confirming its investigation in March 2026. However, as of July 2026, the flaw remains unpatched, and Apple has continued to acknowledge ongoing investigations. The company had previously announced plans to change the alias domain from @icloud.com to @private.icloud.com, which experts say could make it easier for malicious actors to identify aliases and potentially undermine the feature’s privacy protections.

At a glance
updateWhen: developing; vulnerability known since J…
The developmentA security researcher reports that Apple’s ‘Hide My Email’ feature can be exploited to reveal users’ actual email addresses, raising privacy concerns.

Implications for User Privacy and Security

This flaw significantly impacts the privacy protections that ‘Hide My Email’ is supposed to offer. If malicious actors can reliably discover users’ real email addresses, it could lead to targeted spam, phishing attacks, or identity theft. The vulnerability also raises questions about Apple’s commitment to user privacy, especially given the feature’s role in safeguarding personal data during online interactions.

Amazon

Apple Hide My Email privacy protection

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background on ‘Hide My Email’ and Recent Security Concerns

‘Hide My Email’ was introduced as part of Apple’s privacy suite to allow users to generate anonymous email aliases when signing up for services, helping prevent spam and protect their primary email addresses. The feature has been widely adopted by privacy-conscious users. However, recent reports from 404 Media and Lifehacker reveal that security researchers have identified a flaw that can expose the underlying email addresses behind these aliases. Apple has known about the issue since mid-2025, but a fix has not yet been deployed, and recent plans to modify the alias domain may further compromise the feature’s effectiveness.

“Almost anyone can tap into this vulnerability to learn the real email address behind any Hide My Email proxy.”

— an anonymous researcher

Amazon

email alias security tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent and Impact of the Vulnerability Remain Unclear

While initial tests show the exploit works reliably, it is not yet clear how widespread or easily scalable the vulnerability is across all users’ aliases. Apple has not provided detailed technical disclosures about the flaw, and it is uncertain whether the company’s upcoming domain change will mitigate or exacerbate the issue. Additionally, the timeline for a comprehensive fix remains uncertain.

The Cat Internet Password Logbook: Organizer Your Personal Internet Address,Keeper Track Protect Usernames Log Book For Cats Lover

The Cat Internet Password Logbook: Organizer Your Personal Internet Address,Keeper Track Protect Usernames Log Book For Cats Lover

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Expected Updates and Ongoing Investigations

Apple is expected to release a security update to patch the flaw, but no specific timeline has been announced. Users are advised to remain cautious about sharing aliases, especially if the domain change to @private.icloud.com is implemented, as it could make aliases more recognizable and potentially more vulnerable. Researchers and security experts will continue monitoring the situation for further developments and official fixes.

The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and Pgp Privacy Software

The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and Pgp Privacy Software

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Can my real email address be exposed through ‘Hide My Email’?

Yes, according to recent reports, malicious actors can potentially discover your real email address by exploiting the vulnerability in the feature, especially if your alias is listed on publicly accessible search sites.

Has Apple acknowledged this vulnerability?

Yes, Apple has known about the flaw since June 2025 and confirmed ongoing investigations as of May 2026, but a formal fix has not yet been released.

Will changing the alias domain to @private.icloud.com make the feature more secure?

Experts suggest that this change could make aliases more distinguishable and potentially easier for malicious actors to identify, possibly reducing the privacy benefits of the feature.

What should users do to protect their privacy while the issue remains unresolved?

Users should avoid sharing their aliases publicly and consider disabling or deleting aliases if they suspect they may be vulnerable until Apple releases an official fix.

When might Apple release a patch for this vulnerability?

There is no official timeline, but ongoing investigations suggest a fix could be announced in the coming months. Users should stay updated through official Apple channels.

Source: Lifehacker

You May Also Like

Australian treasurer says alleged access of prime minister’s bank data ‘incredibly concerning’

Australian treasurer describes alleged access to prime minister’s bank data as ‘incredibly concerning,’ raising political and security questions.

Cutrova: Edit the Words, Not the Timeline

Cutrova introduces a local-first, text-based video editing tool that simplifies editing by editing transcripts, reducing complexity and enhancing privacy.

Security Roundup: Apple’s Hide My Email Service Fails to Hide Your Email

A security flaw in Apple’s Hide My Email tool has been found to leak real email addresses, raising privacy concerns after over a year of unresolved issues.

AmenGate: The Moment Before the Scroll

AmenGate is a new iPhone app that integrates prayer into phone use, aiming to transform reflexive scrolling into meaningful moments of faith.