Apple Hide My Email Bug Reportedly Exposes Real Addresses, Raising iCloud+ Privacy Concerns

· · Views: 2,014 · 3 min time to read

Apple’s Hide My Email feature is facing new scrutiny after a security researcher claimed that a bug can expose the real email addresses the privacy tool is supposed to protect.

Apple’s Hide My Email has a bug that allows users’ real email addresses to be unmasked.

A Privacy Tool Meant to Hide Real Emails

Hide My Email is designed to help users avoid handing out their personal email addresses across apps, websites and online services.

TechCrunch described the feature as a privacy tool that uses disposable addresses to hide a user’s true email for online anonymity.

PCMag Australia’s report focused on the same core risk: a feature built to protect actual email IDs may reportedly be exposing them instead.

The concern is serious because Hide My Email is not just a spam-control feature. Users often rely on it to create accounts without linking their identity to a personal inbox, reduce tracking, limit unwanted marketing, and protect themselves from possible data breaches.

Researcher Says Apple Was Warned Last Year

The reported bug was discovered by Tyler Murphy, co-founder of EasyOptOuts, a paid data-removal service. Murphy said he warned Apple about the problem more than a year ago, but it remained unclear why the company had not fixed it.

Murphy’s claim is especially alarming because of the reported success rate in testing. Murphy said that, in limited tests with volunteers, “100% of Hide My Email addresses were exploitable”. That does not necessarily reveal the full scale of the problem, but it suggests that the flaw may not be isolated to a small number of accounts.

Exploit Details Are Being Withheld

The exact technical details of the vulnerability have not been publicly released. Details of the vulnerability have not been disclosed because of concerns that the bug could be exploited. That restraint matters because publishing a working method before a fix could increase the risk for iCloud+ users who depend on Hide My Email.

Still, the warning is already enough to raise questions about user trust. A privacy feature becomes weaker if users cannot know whether their supposedly hidden address can be traced back to their main Apple account. For people using aliases for sensitive sign-ups, harassment prevention, whistleblowing, or separation between personal and public identities, an exposed address could create real-world consequences.

Data Broker Risk Makes the Leak More Dangerous

The biggest danger may come after the email address is exposed. Murphy warned publicly accessible people-search sites can make it easy to link an email address to other personal details. That means a leaked email address may not remain just an email address. It can become a path to a name, phone number, location, relatives, social profiles or other identifiers collected by data brokers.

This is why the issue is broader than Apple Mail or iCloud settings. If Hide My Email aliases can be reversed, the feature’s privacy promise weakens at the exact point where users need it most.

Apple Has Yet to Explain Publicly

Apple has not yet provided a public explanation of the reported bug. TechCrunch said it reached out to Apple for more information and would update its story if the company responded.

The report also lands at an awkward moment for Apple’s privacy branding. Apple has built a large part of its reputation around user privacy. If the claim is confirmed, Apple will need to do more than patch a technical flaw. It will need to explain what happened, how long users were exposed, and whether people who relied on Hide My Email should take additional steps to protect their identities.

Share
f 𝕏 in
Copied