TL;DR
A vulnerability in Apple’s Hide My Email service has been discovered that can reveal users’ real email addresses. The flaw has been present for at least a year and remains unpatched, raising privacy concerns.
Security researcher Tyler Murphy has revealed a flaw in Apple’s Hide My Email service that can expose users’ real email addresses. The vulnerability has been present for over a year and remains unpatched, raising significant privacy concerns for users relying on the feature to anonymize their email addresses.
In a report from 404 Media, Murphy explained that the flaw allows an attacker or anyone with access to a Hide My Email address to link it back to the user’s actual email. Murphy and independent testers confirmed that all tested Hide My Email addresses, including newly generated ones using the @icloud.com domain, could be exploited to reveal the real email address.
Murphy first reported the issue to Apple last summer, and the company responded that it had addressed the problem by March 2025. Learn more about Apple’s email privacy issues. However, subsequent testing showed the vulnerability persisted, and Apple recently informed Murphy that it was still investigating the issue, with no fix issued yet. Apple did not respond to requests for comment from 404 Media.
Implications for User Privacy and Data Security
This vulnerability undermines the core purpose of Hide My Email, which is to protect user privacy by preventing companies from linking online activity to real identities. The flaw exposes users to potential targeted attacks, identity leaks, and increased privacy risks. As Apple’s privacy features are widely used, especially among security-conscious users, the unresolved vulnerability could erode trust in the company’s privacy claims and impact millions of users globally.

McAfee Total Protection 3-Device 2025 Ready |Security Software Includes Antivirus, Secure VPN, Password Manager, Identity Monitoring | 1 Year Subscription with Auto Renewal
DEVICE SECURITY – Award-winning McAfee antivirus, real-time threat protection, protects your data, phones, laptops, and tablets
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background on Apple’s Privacy Features and Past Vulnerabilities
Apple introduced Hide My Email in 2021 as part of its broader privacy initiatives, allowing users to generate unique, random email addresses that forward messages to their personal accounts. The feature aimed to reduce exposure of personal email addresses during sign-ups and online interactions. Despite its popularity, the security community has periodically identified flaws in Apple’s privacy tools, though many have been swiftly addressed. The recent discovery by Murphy highlights ongoing challenges in maintaining the security of these privacy features, especially as attackers seek to exploit them for identity leaks or targeted attacks.
“Apple Hide My Email is leaking email addresses that are supposed to be hidden.”
— Tyler Murphy, security researcher
secure email forwarding service
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Extent and Impact of the Vulnerability Remain Unclear
While Murphy’s tests confirm the existence of the flaw, the full scope of affected users and potential exploits remains unknown. It is not yet clear how widespread the vulnerability is beyond initial tests or whether malicious actors have exploited it in the wild. Apple’s ongoing investigation means the exact technical details and timeline for a fix are still uncertain.
privacy-focused email alias generator
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Expected Apple Response and Future Security Updates
Apple is expected to prioritize investigating the flaw, with a potential security patch in upcoming iOS updates. Users relying on Hide My Email are advised to remain cautious and monitor official Apple communications for updates. Security experts will continue to scrutinize the vulnerability to assess its full impact and develop mitigation strategies.

Eelexa Wallet Tracker Card, Rechargeable Thin Luggage Tracker, Works with Apple Find My (iOS Only), Item Finder for Wallet, Suitcase, ID Card, IP68 Waterproof
【Slim SmartCard】- Eelexa wallet tracker card features an ultra-slim design, seamlessly fitting into most wallets. It is designed…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Can my real email be exposed through Hide My Email now?
Yes, according to recent tests, the flaw can be exploited to reveal real email addresses linked to Hide My Email addresses. The vulnerability remains unpatched as of now.
Has Apple acknowledged this vulnerability?
Apple has responded that it is investigating the issue but has not yet issued a public statement or patch addressing the flaw.
Should I stop using Hide My Email?
Users should remain cautious and follow official updates from Apple. If privacy is critical, consider alternative methods until a fix is released.
Will this affect other Apple privacy features?
There is no evidence currently suggesting other Apple privacy features are affected, but ongoing investigations may clarify the scope of this vulnerability.
Source: WIRED