Apple Hide My Email Privacy Flaw Reportedly Exposes Users’ Real Email Addresses

A newly disclosed Apple Hide My Email bug could reveal users’ real email addresses despite the privacy feature. Learn how the reported vulnerability works, who is affected, and Apple’s response.

Jul 2, 2026 - 06:24
 0
Apple Hide My Email Privacy Flaw Reportedly Exposes Users’ Real Email Addresses
Image Credit: Chatgpt

Apple’s Hide My Email feature is designed as a privacy-focused tool that creates disposable email addresses, allowing users to keep their actual email addresses hidden when signing up for websites and online services. However, new research indicates that a flaw in the feature may allow attackers to uncover users’ real email addresses.

The issue was first reported by 404 Media, which says it independently tested and confirmed that the vulnerability is genuine. Tyler Murphy, the security researcher who discovered the bug, said he informed Apple about the issue more than a year ago but has yet to see the company release a fix. Murphy also stated that every attempt to reproduce the vulnerability during testing was successful.

“We don’t know the full scope of the issue, but in our limited tests with volunteers, 100% of Hide My Email addresses were exploitable,” Murphy told the publication. Technical details about how the vulnerability works have not been publicly released, as doing so could increase the risk of abuse.

Murphy is the co-founder of EasyOptOuts, a company that provides a paid service to remove users’ personal information from data broker websites. Speaking to 404 Media, he explained that “publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk.”

Privacy-focused tools remain relatively uncommon in the technology industry, and even when companies introduce them, they do not always perform as intended. Apple has previously faced criticism over similar privacy-related concerns.

One notable example came in 2022, when the company was sued following reports that iPhone applications continued to send analytics data to Apple even after users had enabled the setting intended to disable iPhone Analytics.

Another privacy concern surfaced in 2023 when researchers concluded that one of Apple’s privacy protections was effectively “useless.” According to their findings, a feature designed to anonymise users’ Wi-Fi connections by generating randomised MAC addresses—identifiers that can otherwise be used for tracking—was instead exposing the devices’ real MAC addresses.

Apple has long positioned user privacy as one of the core pillars of its products and brand identity. Given that reputation, many will be watching to see how quickly the company responds to the reported Hide My Email vulnerability. Addressing the issue promptly would not only strengthen the feature itself but also reinforce Apple’s broader commitment to protecting user privacy.

What's Your Reaction?

Like Like 0
Dislike Dislike 0
Love Love 0
Funny Funny 0
Angry Angry 0
Sad Sad 0
Wow Wow 0
Shivangi Yadav Shivangi Yadav reports on startups, technology policy, and other significant technology-focused developments in India for TechAmerica.Ai. She previously worked as a research intern at ORF.