- Apple Hide My Email can reveal a user’s authentic email address
- The flaw puts users at risk of identification, experts warned
- It has been unpatched for over a year
A flaw in Apple’s ‘Hide My Email’ feature allows those with knowledge of the vulnerability to identify the real email address hidden behind the anonymous email address.
The flaw was discovered by EasyOptOut’s co-founder, Tyler Murphy, who shared the exploit with 404 Media after notifying Apple several times that the feature could be actively exploited.
“We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer,” Murphy said.
Hide my email can be actively exploited
Since the bug still hasn’t been patched, the details of how the exploit works haven’t been shared.
Apple’s Hide My Email feature is designed to anonymize email addresses, helping to prevent a user’s real email address from being leaked in a data breach, or to prevent a user’s email address from being linked to them personally in a way that could reveal their identity.
Therein lies the crux of the problem. By being able to identify the real email address by exploiting the flaw, a malicious actor could reveal the real identity of the anonymized email.
“Free, publicly available search sites make it easy to link an email address to other personal details, so people who rely on Hide My Email for security could be at risk,” Murphy said. “We don’t know the full extent of the problem, but in our limited testing with volunteers, 100% of Hide My Email Addresses could be exploited.”
Users who are concerned about being identified through people-search sites can use a data removal service to have their data scrubbed from those sites, but the process can take a few days.
The issue was first reported to Apply by Murphy in June 2025, with Apple responding a month later that it was investigating the cause of the issue. Earlier this year, in March, Apple said it had “fixed the reported issue in a recent system change,” but Murphy found that the flaw was still exploitable.
Again, Murphy notified Apple, which responded in May 2026, saying, “We are still investigating this issue. To avoid putting our customers at risk, we would appreciate you not disclosing this information until our investigation is complete. We appreciate your assistance in helping us maintain and improve the security of our products.”
Later that month, Apply said a fix was “expected in the coming weeks.”
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



