    Canadian Cyber Watch

    Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

    By admin, July 1, 2026


    A vulnerability in Apple’s “Hide My Email” tool lets almost anyone discover a person’s real email address that is supposed to be hidden by the feature, and Apple has failed to fix it for more than a year, according to a security researcher and 404 Media’s own tests.

    404 Media is not revealing the exact details of the vulnerability because it can still be exploited as of Monday, when 404 Media verified the issue with one of our own hidden email addresses.

    “Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Tyler Murphy, the co-founder of EasyOptOuts, which discovered and reported the issue to Apple, told 404 Media.

    “Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” Murphy added.

    Do you know about any other privacy issues like this? I would love to hear from you. Using a non-work device, you can message me securely on Signal at joseph.404 or send me an email at joseph@404media.co.

    Hide My Email is part of Apple’s paid iCloud+ product. It lets users generate an anonymous email address which they can then use to sign up to services or email people with instead of their personal email. These email addresses are often two random words and a number ending in the @icloud.com domain.

    This can be useful for all sorts of reasons: to reduce spam; to create an account you may not want linked to your personal address and identity; and to not have your personal information held by a site that may later suffer a data breach. I personally have generated more than 400 email addresses with Hide My Email, for example.

    To test the issue I generated a new Hide My Email address and provided it to Murphy. Around five minutes later, he replied with my real email address linked to my Apple account which was supposed to be hidden.

    “We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy said.



    Murphy first reported this issue to Apple in June 2025, according to a copy of Murphy’s messages with Apple he shared with 404 Media. A month later, Apple replied and said it was looking into the issue. In March of this year, Apple said it had “addressed the reported issue in a recent system change.” But Murphy found the issue had not been fixed. He provided more information, and later that month Apple said again it was looking into it. Apple said it was still investigating in May.

    “We are still investigating this issue. To avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us to maintain and improve the security of our products,” Apple wrote in May.

    “It seems that ending new sales of Hide My Email until the problem is fixed would be an effective way to limit the number of customers at risk. Is that an option?” Murphy wrote back.

    At the end of May, Apple said it was planning to address the issue in a future security update “expected in the coming weeks.” Murphy then contacted 404 Media on Monday and provided details of the issue and his statement saying, “We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer.”

    Apple did not respond to multiple requests for comment from 404 Media.

    In June, TechCrunch reported Apple plans to make changes to Hide My Email that will make it significantly less effective. It will change generated email addresses from using the @icloud.com domain to @private.icloud.com, which means websites or services will be able to more easily block signups from those addresses.

    About the author

    Joseph is an award-winning investigative journalist focused on generating impact. His work has triggered hundreds of millions of dollars worth of fines, shut down tech companies, and much more.

    Joseph Cox


