Apple Hide My Email Vulnerability Exposes Real Email Addresses
A flaw in Apple’s Hide My Email service can reportedly allow almost anyone to uncover the real email address behind a generated alias, and Apple has failed to address it for more than a year since it was first reported. 404 Media is withholding the technical specifics of the vulnerability because it remains exploitable, but the publication verified the issue this week using one of its own Hide My Email addresses. In tests with volunteers by the researcher who discovered the flaw, 100% of Hide My Email addresses were found to be exploitable. Tyler Murphy, co-founder of EasyOptOuts, discovered the issue and responsibly reported it to Apple in June 2025, along with instructions to replicate it. Apple acknowledged the report a month later and said it was investigating. Murphy said: Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My …
