Home TechnologyApple Hide My Email bug exposes users’ real email addresses

Apple Hide My Email bug exposes users’ real email addresses

by Helga Moritz
0 comments
Apple Hide My Email bug exposes users' real email addresses

Apple Hide My Email bug could reveal users’ real addresses, researcher warns

Researcher warns Apple Hide My Email bug can expose real addresses; limited tests showed full exploitability and users are urged to seek guidance and updates.

Apple faces renewed privacy scrutiny after a security researcher disclosed a vulnerability he says can unmask users’ real email addresses generated by the Apple Hide My Email feature. The issue, described by the researcher as consistently exploitable in limited tests, raises concerns for users who rely on disposable addresses to protect personal contact details. Apple has been notified and the researcher says the company was warned more than a year ago.

Researcher disclosure and verification

Tyler Murphy, the security researcher who identified the issue, told reporters he tested the flaw with volunteers and confirmed that every Hide My Email address in those tests could be linked back to real accounts. Murphy is co‑founder of a data‑removal service and said he notified Apple of the problem over a year prior to making his findings public. Details of the exploit have not been published publicly to avoid enabling malicious actors.

How Hide My Email is designed to protect users

Hide My Email is part of Apple’s suite of privacy features and is intended to create unique, random email addresses that forward messages to a user’s real inbox. The service allows users to sign up for newsletters, apps, and services without revealing their primary email, reducing tracking and limiting unwanted contact. In theory, the forwarding layer keeps the underlying personal address private while still allowing communication.

Testing results and scope reported by researcher

According to the researcher, limited tests involving volunteers produced a 100 percent success rate in correlating Hide My Email addresses with their true addresses. Murphy cautioned that the sample size was small and the full scope is not yet known, but emphasized that every attempted exploit in his tests succeeded. The researcher declined to disclose technical specifics of the vulnerability, citing the risk that public disclosure could enable widespread abuse.

Privacy and safety risks for users

If the reported Apple Hide My Email bug functions as described, it could allow third parties to map disposable addresses back to individuals, undermining anonymity and safety protections. That linkage could enable doxxing, targeted harassment, or aggregation of personal data through publicly available people‑search services. Users who depend on Hide My Email to separate online accounts from their primary address may therefore face increased exposure until the issue is resolved.

Apple’s response and industry practices

Apple has not disclosed a public remediation timeline and was contacted for comment; the company’s formal response remains pending. Security researchers generally follow coordinated disclosure practices by alerting vendors and withholding exploit details until patches are available, and the researcher in this case said he provided notice to Apple in advance. The episode highlights the tension between rapid disclosure to inform the public and the need to prevent enabling attackers.

Context of prior privacy concerns

The reported vulnerability arrives amid prior criticisms of privacy tools across the industry, including earlier findings that certain anonymization measures failed to fully prevent tracking. Apple has previously faced scrutiny over telemetry and device identifiers, and past research has identified weaknesses in protections intended to mask hardware addresses or analytics signals. Observers say successful privacy branding depends on consistent, demonstrable safeguards and timely fixes when gaps are found.

Guidance for users while the issue is investigated

Security experts recommend caution for users who rely on anonymizing features pending an official fix. Users can reduce risk by limiting use of disposable addresses for sensitive accounts, monitoring forwarded addresses for suspicious activity, and considering dedicated secondary accounts for signups. Enabling multifactor authentication and reviewing account recovery options can help mitigate damage if contact details are exposed.

Apple Hide My Email remains a valuable privacy tool when functioning correctly, but the researcher’s claims underscore that no solution is infallible. Users and organizations should remain attentive to official advisories and apply any patches or guidance issued by Apple as soon as they are available.

You may also like

Leave a Comment

The Berlin Herald
Germany's voice to the World