Apple's 'Hide My Email' Reportedly Exposes Your Real Email Address

TL;DR

A flaw in Apple’s ‘Hide My Email’ feature can reveal users’ real email addresses via public search sites. Apple has known about the issue since June 2025 but has yet to fully resolve it. This raises privacy concerns for users relying on the feature.

Apple’s ‘Hide My Email’ feature, designed to protect user privacy by generating anonymous email aliases, has a security flaw that can expose users’ real email addresses to malicious actors, according to reports from 404 Media. This vulnerability remains unpatched despite Apple’s acknowledgment of the issue, raising concerns about the effectiveness of the privacy tool.

According to 404 Media’s Joseph Cox, security researcher Tyler Murphy demonstrated that bad actors can use free, publicly accessible people-search sites to discover the real email address behind a ‘Hide My Email’ alias. Murphy tested multiple aliases and was able to retrieve the actual email address within minutes, confirming the exploit’s effectiveness. Apple reportedly became aware of this flaw as early as June 2025, but the company has not yet issued a comprehensive fix. In March 2026, Apple announced it had addressed the vulnerability, but subsequent tests and reports suggest the issue persists. Murphy has continued to alert Apple, which has confirmed ongoing investigations as recently as May 2026. Meanwhile, Apple plans to change the domain of ‘Hide My Email’ aliases from @icloud.com to @private.icloud.com, which could make aliases more distinguishable and less effective in maintaining anonymity.

At a glance
breakingWhen: ongoing; publicly reported in July 2026…
The developmentSecurity researchers have identified a vulnerability in Apple’s ‘Hide My Email’ that exposes users’ real email addresses, despite Apple’s assurances of privacy.

Impact of the Email Exposure Vulnerability

This flaw undermines a core privacy feature that many users rely on to protect their email addresses from spam, data breaches, and targeted attacks. The ability for malicious actors to uncover real addresses could lead to increased phishing, identity theft, or unwanted contact, especially as ‘Hide My Email’ is widely used for secure sign-ups. The ongoing presence of this vulnerability raises questions about Apple’s commitment to user privacy and the security of its services.

Wiaocit 3 Pack Tempered Glass Privacy Screen Protector for iPhone 16 Pro with 3 Pack Camera Lens Protector, 9H Hardness, Bubble Free, Case Friendly

Wiaocit 3 Pack Tempered Glass Privacy Screen Protector for iPhone 16 Pro with 3 Pack Camera Lens Protector, 9H Hardness, Bubble Free, Case Friendly

True Privacy Protection: Wiaocit Compatible for iPhone 16 Pro Privacy Screen protector for made of New Upgrade Privacy…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background on ‘Hide My Email’ and Related Security Concerns

‘Hide My Email’ was introduced as part of Apple’s broader privacy initiatives, allowing users to generate unique, disposable email aliases when signing up for services or sharing contact information. The feature is designed to prevent companies from collecting users’ primary email addresses, enhancing privacy and security. However, security researchers have previously raised concerns about vulnerabilities in Apple’s ecosystem, and this recent flaw adds to those worries. Apple has historically responded to security issues with patches and updates, but delays or incomplete fixes can leave users exposed for extended periods.

“The ability to discover the real email address from an alias using public search sites is a serious flaw that compromises user privacy.”

— an anonymous researcher

Amazon

email alias protection software

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent and Future of the Email Exposure Flaw

It is not yet clear whether the vulnerability affects all versions of Apple’s operating systems or only specific configurations. Apple has confirmed ongoing investigations but has not provided a timeline for a full fix. The impact of the upcoming domain change on the exploit’s effectiveness remains uncertain, and user awareness of the issue is still limited.

Incognito Toolkit - Tools, Apps, and Creative Methods for Remaining Anonymous, Private, and Secure While Communicating, Publishing, Buying, and Researching Online

Incognito Toolkit – Tools, Apps, and Creative Methods for Remaining Anonymous, Private, and Secure While Communicating, Publishing, Buying, and Researching Online

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Next Steps in Addressing the ‘Hide My Email’ Vulnerability

Apple is expected to release a security update aimed at patching the flaw, but the timeline remains unconfirmed. Security researchers and privacy advocates are urging the company to expedite the fix and clarify the scope of the vulnerability. Users are advised to be cautious when sharing aliases and consider alternative privacy measures until the issue is resolved. Further updates from Apple are anticipated as investigations progress.

Yilador Webcam Cover (3 Pack), 0.03 inch Ultra Thin Laptop Camera Cover Slide for iPhone iPad MacBook Pro Computer iMac Cell Phone PC Accessories Camera Blocker Slider, Great for Privacy - Black

Yilador Webcam Cover (3 Pack), 0.03 inch Ultra Thin Laptop Camera Cover Slide for iPhone iPad MacBook Pro Computer iMac Cell Phone PC Accessories Camera Blocker Slider, Great for Privacy – Black

Note: Not suitable for MacBooks released after 2023 or devices with a protruding front camera; Not applicable to…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

Can my real email address be exposed through ‘Hide My Email’?

Yes, according to recent reports, malicious actors can potentially uncover your real email address by exploiting this vulnerability and using public search tools. However, this depends on specific circumstances and the effectiveness of the exploit at any given time.

Has Apple acknowledged this vulnerability?

Yes, Apple has known about the issue since June 2025 and has confirmed ongoing investigations as of May 2026. The company announced it had addressed the flaw in March 2026, but evidence suggests the vulnerability persists.

Will changing the alias domain from @icloud.com to @private.icloud.com improve privacy?

Apple plans to make this change, which could make aliases more distinguishable from real addresses, potentially reducing their effectiveness in maintaining anonymity. The impact on security and privacy remains to be fully evaluated.

What should users do until the vulnerability is fixed?

Users should be cautious when sharing aliases and consider limiting the use of ‘Hide My Email’ for highly sensitive communications until Apple releases a patch. Staying updated on security advisories is also recommended.

Source: Lifehacker

You May Also Like

EY employee charged with accessing Australian prime minister’s bank details

An EY employee has been charged with illegally accessing the bank details of Australia’s prime minister. The case raises concerns over data security and political privacy.

Wordgard: In-browser Rich-text Editor From The Creator Of ProseMirror

Wordgard, a new in-browser rich-text editor developed by the creator of ProseMirror, has been announced, promising enhanced editing capabilities for web applications.

Why did this journal retract two 1940s papers by Max Planck?

Springer Nature removed two 1940s papers by Max Planck from its archive, citing copyright issues. The retraction raises questions about historical publication standards.

Bad cybersecurity by Secret Service agents put US officials at risk, inspector general says

A new inspector general report reveals poor cybersecurity practices by Secret Service agents risk compromising US officials’ safety.