Apple's Hide My Email feature has bug exposing real email addresses, researcher says
A researcher discovered a bug in Apple's privacy tool that can reveal users' real email addresses, and warned Apple over a year ago without a fix.

Apple's Hide My Email feature, which allows users to generate disposable email addresses to protect their real inbox, appears to have a vulnerability. According to a new report from 404 Media, researcher Tyler Murphy found that the bug can unmask users' true email addresses.
Murphy informed Apple about the issue more than a year ago, but the company has not yet fixed it. 404 Media says it tested and verified the vulnerability. All attempts to exploit the bug were successful, Murphy said. "We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable," he told 404 Media.
Details of the vulnerability have not been publicly disclosed to prevent exploitation. Murphy is the co-founder of EasyOptOuts, a paid data removal service. He noted that public people-search sites can easily link email addresses to personal details, so users relying on Hide My Email for safety may be at risk.
TechCrunch reached out to Apple for comment. Apple has built a reputation on privacy, but similar issues have emerged before. In 2022, Apple was sued over iPhone apps sending analytics data despite privacy settings. In 2023, researchers found another privacy feature using randomized MAC addresses to be "useless." It remains to be seen how Apple addresses this latest bug.


